diff --git a/Makefile b/Makefile
index 27ee8f98..6ec1aa3a 100644
--- a/Makefile
+++ b/Makefile
@@ -147,7 +147,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
## Tool Versions
KUSTOMIZE_VERSION ?= v5.0.0
-CONTROLLER_TOOLS_VERSION ?= v0.11.3
+CONTROLLER_TOOLS_VERSION ?= v0.14.0
KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
.PHONY: kustomize
diff --git a/api/doris/v1/types.go b/api/doris/v1/types.go
index 5157d56c..d9948749 100644
--- a/api/doris/v1/types.go
+++ b/api/doris/v1/types.go
@@ -124,10 +124,6 @@ type BaseSpec struct {
//example: if you want to use `stream load` to load data into doris out k8s, you can use be service and config different service type for loading data.
Service *ExportService `json:"service,omitempty"`
- //A special supplemental group that applies to all containers in a pod.
- // Some volume types allow the Kubelet to change the ownership of that volume
- // to be owned by the pod:
- FsGroup *int64 `json:"fsGroup,omitempty"`
// specify register fe addresses
FeAddress *FeAddress `json:"feAddress,omitempty"`
@@ -183,6 +179,14 @@ type BaseSpec struct {
//SystemInitialization for fe, be and cn setting system parameters.
SystemInitialization *SystemInitialization `json:"systemInitialization,omitempty"`
+
+ //Security context for pod.
+ //+optional
+ SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
+
+ //Security context for all containers running in the pod (unless they override it).
+ //+optional
+ ContainerSecurityContext *corev1.SecurityContext `json:"containerSecurityContext,omitempty"`
}
type SystemInitialization struct {
diff --git a/api/doris/v1/zz_generated.deepcopy.go b/api/doris/v1/zz_generated.deepcopy.go
index 3f023311..36a377a8 100644
--- a/api/doris/v1/zz_generated.deepcopy.go
+++ b/api/doris/v1/zz_generated.deepcopy.go
@@ -1,5 +1,4 @@
//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
/*
Copyright 2023.
@@ -82,11 +81,6 @@ func (in *BaseSpec) DeepCopyInto(out *BaseSpec) {
*out = new(ExportService)
(*in).DeepCopyInto(*out)
}
- if in.FsGroup != nil {
- in, out := &in.FsGroup, &out.FsGroup
- *out = new(int64)
- **out = **in
- }
if in.FeAddress != nil {
in, out := &in.FeAddress, &out.FeAddress
*out = new(FeAddress)
@@ -156,6 +150,16 @@ func (in *BaseSpec) DeepCopyInto(out *BaseSpec) {
*out = new(SystemInitialization)
(*in).DeepCopyInto(*out)
}
+ if in.SecurityContext != nil {
+ in, out := &in.SecurityContext, &out.SecurityContext
+ *out = new(corev1.PodSecurityContext)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.ContainerSecurityContext != nil {
+ in, out := &in.ContainerSecurityContext, &out.ContainerSecurityContext
+ *out = new(corev1.SecurityContext)
+ (*in).DeepCopyInto(*out)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BaseSpec.
diff --git a/config/crd/bases/doris.selectdb.com_dorisclusters.yaml b/config/crd/bases/doris.selectdb.com_dorisclusters.yaml
index 53d927f6..b95507e5 100644
--- a/config/crd/bases/doris.selectdb.com_dorisclusters.yaml
+++ b/config/crd/bases/doris.selectdb.com_dorisclusters.yaml
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.11.3
- creationTimestamp: null
+ controller-gen.kubebuilder.io/version: v0.14.0
name: dorisclusters.doris.selectdb.com
spec:
group: doris.selectdb.com
@@ -36,14 +35,19 @@ spec:
description: DorisCluster is the Schema for the dorisclusters API
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -63,10 +67,9 @@ spec:
type: string
type: object
authSecret:
- description: the name of secret that type is `kubernetes.io/basic-auth`
- and contains keys username, password for management doris node in
- cluster as fe, be register. the password key is `password`. the
- username defaults to `root` and is omitempty.
+ description: |-
+ the name of secret that type is `kubernetes.io/basic-auth` and contains keys username, password for management doris node in cluster as fe, be register.
+ the password key is `password`. the username defaults to `root` and is omitempty.
type: string
beSpec:
description: defines the be cluster state pod that will be created
@@ -80,22 +83,20 @@ spec:
the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node matches the corresponding matchExpressions;
- the node(s) with the highest sum are the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
items:
- description: An empty preferred scheduling term matches
- all objects with implicit weight 0 (i.e. it's a no-op).
- A null preferred scheduling term matches no objects
- (i.e. is also a no-op).
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
properties:
preference:
description: A node selector term, associated with
@@ -105,32 +106,26 @@ spec:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -143,32 +138,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -190,53 +179,46 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from
- its node.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
- description: A null or empty node selector term
- matches no objects. The requirements of them are
- ANDed. The TopologySelectorTerm type implements
- a subset of the NodeSelectorTerm.
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -249,32 +231,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -297,18 +273,16 @@ spec:
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -327,30 +301,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -362,53 +331,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -420,42 +381,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -464,23 +420,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to a pod label update),
- the system may or may not try to eventually evict the
- pod from its node. When there are multiple elements,
- the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -491,28 +446,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -525,51 +476,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -582,33 +526,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -621,18 +561,16 @@ spec:
as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the anti-affinity expressions
- specified by this field, but it may choose a node that
- violates one or more of the expressions. The node that
- is most preferred is the one with the greatest sum of
- weights, i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -651,30 +589,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -686,53 +619,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -744,42 +669,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -788,23 +708,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements specified
- by this field are not met at scheduling time, the pod
- will not be scheduled onto the node. If the anti-affinity
- requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod
- label update), the system may or may not try to eventually
- evict the pod from its node. When there are multiple
- elements, the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -815,28 +734,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -849,51 +764,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -906,33 +814,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -947,17 +851,24 @@ spec:
for collect to monitor system.
type: object
claims:
- description: "Claims lists the names of resources, defined in
- spec.resourceClaims, that are used by this container. \n This
- is an alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one entry in pod.spec.resourceClaims
- of the Pod where this field is used. It makes that resource
- available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -970,38 +881,206 @@ spec:
description: the reference for cn configMap.
properties:
configMapName:
- description: ConfigMapName mapped the configuration files
- in the doris 'conf/' directory. such as 'fe.conf', 'be.conf'.
- If HDFS access is involved, there may also be 'core-site.xml'
- and other files. doris-operator mounts these configuration
- files in the '/etc/doris' directory by default. links them
- to the 'conf/' directory of the doris component through
- soft links.
+ description: |-
+ ConfigMapName mapped the configuration files in the doris 'conf/' directory.
+ such as 'fe.conf', 'be.conf'. If HDFS access is involved, there may also be 'core-site.xml' and other files.
+ doris-operator mounts these configuration files in the '/etc/doris' directory by default.
+ links them to the 'conf/' directory of the doris component through soft links.
type: string
configMaps:
- description: ConfigMaps can mount multiple configmaps to the
- specified path. The mounting path of configmap cannot be
- repeated.
+ description: |-
+ ConfigMaps can mount multiple configmaps to the specified path.
+ The mounting path of configmap cannot be repeated.
items:
properties:
configMapName:
description: name of configmap that needs to mount.
type: string
mountPath:
- description: Current ConfigMap Mount Path. If MountConfigMapInfo
- belongs to the same ConfigMapInfo, their MountPath
- cannot be repeated.
+ description: |-
+ Current ConfigMap Mount Path.
+ If MountConfigMapInfo belongs to the same ConfigMapInfo, their MountPath cannot be repeated.
type: string
type: object
type: array
resolveKey:
- description: 'Deprecated: This configuration has been abandoned
- and will be cleared in version 1.7.0. It is currently forced
- to be ''fe.conf'', ''be.conf'', ''apache_hdfs_broker.conf''
- It is no longer effective. the configuration content will
- not take effect.'
+ description: |-
+ Deprecated: This configuration has been abandoned and will be cleared in version 1.7.0.
+ It is currently forced to be 'fe.conf', 'be.conf', 'apache_hdfs_broker.conf'
+ It is no longer effective. the configuration content will not take effect.
type: string
type: object
+ containerSecurityContext:
+ description: Security context for all containers running in the
+ pod (unless they override it).
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
envVars:
description: cnEnvVars is a slice of environment variables that
are added to the pods, the default is empty.
@@ -1014,15 +1093,16 @@ spec:
C_IDENTIFIER.
type: string
value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in
- the container and any service environment variables. If
- a variable cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced to a single
- $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Defaults to "".'
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
@@ -1035,9 +1115,10 @@ spec:
description: The key to select.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
@@ -1048,11 +1129,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
fieldRef:
- description: 'Selects a field of the pod: supports metadata.name,
- metadata.namespace, `metadata.labels['''']`,
- `metadata.annotations['''']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs.'
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
@@ -1067,10 +1146,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
@@ -1100,9 +1178,10 @@ spec:
be a valid secret key.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
@@ -1139,19 +1218,14 @@ spec:
type: integer
type: object
type: object
- fsGroup:
- description: 'A special supplemental group that applies to all
- containers in a pod. Some volume types allow the Kubelet to
- change the ownership of that volume to be owned by the pod:'
- format: int64
- type: integer
hostAliases:
- description: HostAliases is an optional list of hosts and IPs
- that will be injected into the pod's hosts file if specified.
- This is only valid for non-hostNetwork pods.
+ description: |-
+ HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+ file if specified. This is only valid for non-hostNetwork pods.
items:
- description: HostAlias holds the mapping between IP and hostnames
- that will be injected as an entry in the pod's hosts file.
+ description: |-
+ HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+ pod's hosts file.
properties:
hostnames:
description: Hostnames for the above IP address.
@@ -1167,18 +1241,20 @@ spec:
description: Image for a doris cn deployment.
type: string
imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of references
- to secrets in the same namespace to use for pulling any of the
- images used by this PodSpec. If specified, these secrets will
- be passed to individual puller implementations for them to use.
- More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -1190,8 +1266,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
nodeSelector:
additionalProperties:
@@ -1215,28 +1292,27 @@ spec:
spec about storage that pods are required.
properties:
accessModes:
- description: 'accessModes contains the desired access
- modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
items:
type: string
type: array
dataSource:
- description: 'dataSource field can be used to specify
- either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) If the provisioner
- or an external controller can support the specified
- data source, it will create a new volume based on
- the contents of the specified data source. When the
- AnyVolumeDataSource feature gate is enabled, dataSource
- contents will be copied to dataSourceRef, and dataSourceRef
- contents will be copied to dataSource when dataSourceRef.namespace
- is not specified. If the namespace is specified, then
- dataSourceRef will not be copied to dataSource.'
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -1253,40 +1329,35 @@ spec:
type: object
x-kubernetes-map-type: atomic
dataSourceRef:
- description: 'dataSourceRef specifies the object from
- which to populate the volume with data, if a non-empty
- volume is desired. This may be any object from a non-empty
- API group (non core object) or a PersistentVolumeClaim
- object. When this field is specified, volume binding
- will only succeed if the type of the specified object
- matches some installed volume populator or dynamic
- provisioner. This field will replace the functionality
- of the dataSource field and as such if both fields
- are non-empty, they must have the same value. For
- backwards compatibility, when namespace isn''t specified
- in dataSourceRef, both fields (dataSource and dataSourceRef)
- will be set to the same value automatically if one
- of them is empty and the other is non-empty. When
- namespace is specified in dataSourceRef, dataSource
- isn''t set to the same value and must be empty. There
- are three important differences between dataSource
- and dataSourceRef: * While dataSource only allows
- two specific types of objects, dataSourceRef allows
- any non-core object, as well as PersistentVolumeClaim
- objects. * While dataSource ignores disallowed values
- (dropping them), dataSourceRef preserves all values,
- and generates an error if a disallowed value is specified.
- * While dataSource only allows local objects, dataSourceRef
- allows objects in any namespaces. (Beta) Using this
- field requires the AnyVolumeDataSource feature gate
- to be enabled. (Alpha) Using the namespace field of
- dataSourceRef requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.'
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -1298,42 +1369,43 @@ spec:
referenced
type: string
namespace:
- description: Namespace is the namespace of resource
- being referenced Note that when a namespace is
- specified, a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent namespace to
- allow that namespace's owner to accept the reference.
- See the ReferenceGrant documentation for details.
- (Alpha) This field requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
type: string
required:
- kind
- name
type: object
resources:
- description: 'resources represents the minimum resources
- the volume should have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed to specify resource
- requirements that are lower than previous value but
- must still be higher than capacity recorded in the
- status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
properties:
claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field and
- requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one
- entry in pod.spec.resourceClaims of the
- Pod where this field is used. It makes that
- resource available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -1349,8 +1421,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -1359,11 +1432,11 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount
- of compute resources required. If Requests is
- omitted for a container, it defaults to Limits
- if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
selector:
@@ -1374,26 +1447,25 @@ spec:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
- description: A label selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the
- values array must be empty. This array is
- replaced during a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -1405,23 +1477,22 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value". The
- requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
storageClassName:
- description: 'storageClassName is the name of the StorageClass
- required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
type: string
volumeMode:
- description: volumeMode defines what type of volume
- is required by the claim. Value of Filesystem is implied
- when not included in claim spec.
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
type: string
volumeName:
description: volumeName is the binding reference to
@@ -1450,16 +1521,193 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ securityContext:
+ description: Security context for pod.
+ properties:
+ fsGroup:
+ description: |-
+ A special supplemental group that applies to all containers in a pod.
+ Some volume types allow the Kubelet to change the ownership of that volume
+ to be owned by the pod:
+
+
+ 1. The owning GID will be the FSGroup
+ 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw----
+
+
+ If unset, the Kubelet will not modify the ownership and permissions of any volume.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: |-
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will only apply to
+ volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir.
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: |-
+ A list of groups applied to the first process run in each container, in addition
+ to the container's primary GID, the fsGroup (if specified), and group memberships
+ defined in the container image for the uid of the container process. If unspecified,
+ no additional groups are added to any container. Note that group memberships
+ defined in the container image for the uid of the container process are still effective,
+ even if they are not included in this list.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: |-
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
type: object
service:
- description: 'expose doris components for accessing. example:
- if you want to use `stream load` to load data into doris out
- k8s, you can use be service and config different service type
- for loading data.'
+ description: |-
+ expose doris components for accessing.
+ example: if you want to use `stream load` to load data into doris out k8s, you can use be service and config different service type for loading data.
properties:
annotations:
additionalProperties:
@@ -1468,15 +1716,15 @@ spec:
platform.
type: object
loadBalancerIP:
- description: 'Only applies to Service Type: LoadBalancer.
- This feature depends on whether the underlying cloud-provider
- supports specifying the loadBalancerIP when a load balancer
- is created. This field will be ignored if the cloud-provider
- does not support the feature. This field was under-specified
- and its meaning varies across implementations, and it cannot
- support dual-stack. As of Kubernetes v1.24, users are encouraged
- to use implementation-specific annotations when available.
- This field may be removed in a future API version.'
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ This field was under-specified and its meaning varies across implementations,
+ and it cannot support dual-stack.
+ As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available.
+ This field may be removed in a future API version.
type: string
servicePorts:
description: ServicePort config service for NodePort access
@@ -1485,37 +1733,37 @@ spec:
description: DorisServicePort for ServiceType=NodePort situation.
properties:
nodePort:
- description: 'The port on each node on which this service
- is exposed when type is NodePort or LoadBalancer. Usually
- assigned by the system. If a value is specified, in-range,
- and not in use it will be used, otherwise the operation
- will fail. If not specified, a port will be allocated
- if this Service requires one. If this field is specified
- when creating a Service which does not need it, creation
- will fail. This field will be wiped when updating
- a Service to no longer need it (e.g. changing type
- from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- need in 30000-32767'
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ need in 30000-32767
format: int32
type: integer
targetPort:
- description: 'Number or name of the port to access on
- the pods targeted by the service. Number must be in
- the range 1 to 65535. Name must be an IANA_SVC_NAME.
- If this is a string, it will be looked up as a named
- port in the target Pod''s container ports. If this
- is not specified, the value of the ''port'' field
- is used (an identity map). This field is ignored for
- services with clusterIP=None, and should be omitted
- or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
format: int32
type: integer
type: object
type: array
type:
- description: 'type of service,the possible value for the service
- type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
- More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ description: |-
+ type of service,the possible value for the service type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: string
type: object
serviceAccount:
@@ -1543,41 +1791,39 @@ spec:
description: (Optional) Tolerations for scheduling pods onto some
dedicated nodes
items:
- description: The pod this Toleration is attached to tolerates
- any taint that matches the triple using
- the matching operator .
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
properties:
effect:
- description: Effect indicates the taint effect to match.
- Empty means match all taint effects. When specified, allowed
- values are NoSchedule, PreferNoSchedule and NoExecute.
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
- description: Key is the taint key that the toleration applies
- to. Empty means match all taint keys. If the key is empty,
- operator must be Exists; this combination means to match
- all values and all keys.
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
- description: Operator represents a key's relationship to
- the value. Valid operators are Exists and Equal. Defaults
- to Equal. Exists is equivalent to wildcard for value,
- so that a pod can tolerate all taints of a particular
- category.
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
type: string
tolerationSeconds:
- description: TolerationSeconds represents the period of
- time the toleration (which must be of effect NoExecute,
- otherwise this field is ignored) tolerates the taint.
- By default, it is not set, which means tolerate the taint
- forever (do not evict). Zero and negative values will
- be treated as 0 (evict immediately) by the system.
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
- description: Value is the taint value the toleration matches
- to. If the operator is Exists, the value should be empty,
- otherwise just a regular string.
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
@@ -1595,22 +1841,20 @@ spec:
the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node matches the corresponding matchExpressions;
- the node(s) with the highest sum are the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
items:
- description: An empty preferred scheduling term matches
- all objects with implicit weight 0 (i.e. it's a no-op).
- A null preferred scheduling term matches no objects
- (i.e. is also a no-op).
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
properties:
preference:
description: A node selector term, associated with
@@ -1620,32 +1864,26 @@ spec:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -1658,32 +1896,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -1705,53 +1937,46 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from
- its node.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
- description: A null or empty node selector term
- matches no objects. The requirements of them are
- ANDed. The TopologySelectorTerm type implements
- a subset of the NodeSelectorTerm.
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -1764,32 +1989,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -1812,18 +2031,16 @@ spec:
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -1842,30 +2059,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -1877,53 +2089,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -1935,42 +2139,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -1979,23 +2178,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to a pod label update),
- the system may or may not try to eventually evict the
- pod from its node. When there are multiple elements,
- the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -2006,28 +2204,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -2040,51 +2234,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -2097,33 +2284,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -2136,18 +2319,16 @@ spec:
as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the anti-affinity expressions
- specified by this field, but it may choose a node that
- violates one or more of the expressions. The node that
- is most preferred is the one with the greatest sum of
- weights, i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -2166,30 +2347,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -2201,53 +2377,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -2259,42 +2427,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -2303,23 +2466,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements specified
- by this field are not met at scheduling time, the pod
- will not be scheduled onto the node. If the anti-affinity
- requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod
- label update), the system may or may not try to eventually
- evict the pod from its node. When there are multiple
- elements, the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -2330,28 +2492,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -2364,51 +2522,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -2421,33 +2572,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -2462,17 +2609,24 @@ spec:
for collect to monitor system.
type: object
claims:
- description: "Claims lists the names of resources, defined in
- spec.resourceClaims, that are used by this container. \n This
- is an alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one entry in pod.spec.resourceClaims
- of the Pod where this field is used. It makes that resource
- available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -2485,38 +2639,206 @@ spec:
description: the reference for cn configMap.
properties:
configMapName:
- description: ConfigMapName mapped the configuration files
- in the doris 'conf/' directory. such as 'fe.conf', 'be.conf'.
- If HDFS access is involved, there may also be 'core-site.xml'
- and other files. doris-operator mounts these configuration
- files in the '/etc/doris' directory by default. links them
- to the 'conf/' directory of the doris component through
- soft links.
+ description: |-
+ ConfigMapName mapped the configuration files in the doris 'conf/' directory.
+ such as 'fe.conf', 'be.conf'. If HDFS access is involved, there may also be 'core-site.xml' and other files.
+ doris-operator mounts these configuration files in the '/etc/doris' directory by default.
+ links them to the 'conf/' directory of the doris component through soft links.
type: string
configMaps:
- description: ConfigMaps can mount multiple configmaps to the
- specified path. The mounting path of configmap cannot be
- repeated.
+ description: |-
+ ConfigMaps can mount multiple configmaps to the specified path.
+ The mounting path of configmap cannot be repeated.
items:
properties:
configMapName:
description: name of configmap that needs to mount.
type: string
mountPath:
- description: Current ConfigMap Mount Path. If MountConfigMapInfo
- belongs to the same ConfigMapInfo, their MountPath
- cannot be repeated.
+ description: |-
+ Current ConfigMap Mount Path.
+ If MountConfigMapInfo belongs to the same ConfigMapInfo, their MountPath cannot be repeated.
type: string
type: object
type: array
resolveKey:
- description: 'Deprecated: This configuration has been abandoned
- and will be cleared in version 1.7.0. It is currently forced
- to be ''fe.conf'', ''be.conf'', ''apache_hdfs_broker.conf''
- It is no longer effective. the configuration content will
- not take effect.'
+ description: |-
+ Deprecated: This configuration has been abandoned and will be cleared in version 1.7.0.
+ It is currently forced to be 'fe.conf', 'be.conf', 'apache_hdfs_broker.conf'
+ It is no longer effective. the configuration content will not take effect.
type: string
type: object
+ containerSecurityContext:
+ description: Security context for all containers running in the
+ pod (unless they override it).
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
envVars:
description: cnEnvVars is a slice of environment variables that
are added to the pods, the default is empty.
@@ -2529,15 +2851,16 @@ spec:
C_IDENTIFIER.
type: string
value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in
- the container and any service environment variables. If
- a variable cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced to a single
- $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Defaults to "".'
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
@@ -2550,9 +2873,10 @@ spec:
description: The key to select.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
@@ -2563,11 +2887,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
fieldRef:
- description: 'Selects a field of the pod: supports metadata.name,
- metadata.namespace, `metadata.labels['''']`,
- `metadata.annotations['''']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs.'
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
@@ -2582,10 +2904,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
@@ -2615,9 +2936,10 @@ spec:
be a valid secret key.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
@@ -2654,19 +2976,14 @@ spec:
type: integer
type: object
type: object
- fsGroup:
- description: 'A special supplemental group that applies to all
- containers in a pod. Some volume types allow the Kubelet to
- change the ownership of that volume to be owned by the pod:'
- format: int64
- type: integer
hostAliases:
- description: HostAliases is an optional list of hosts and IPs
- that will be injected into the pod's hosts file if specified.
- This is only valid for non-hostNetwork pods.
+ description: |-
+ HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+ file if specified. This is only valid for non-hostNetwork pods.
items:
- description: HostAlias holds the mapping between IP and hostnames
- that will be injected as an entry in the pod's hosts file.
+ description: |-
+ HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+ pod's hosts file.
properties:
hostnames:
description: Hostnames for the above IP address.
@@ -2682,27 +2999,29 @@ spec:
description: Image for a doris cn deployment.
type: string
imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of references
- to secrets in the same namespace to use for pulling any of the
- images used by this PodSpec. If specified, these secrets will
- be passed to individual puller implementations for them to use.
- More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
type: array
kickOffAffinityBe:
- description: enable affinity with be , if kickoff affinity, the
- operator will set affinity on broker with be. The affinity is
- preferred not required. When the user custom affinity the switch
- does not take effect anymore.
+ description: |-
+ enable affinity with be , if kickoff affinity, the operator will set affinity on broker with be.
+ The affinity is preferred not required.
+ When the user custom affinity the switch does not take effect anymore.
type: boolean
limits:
additionalProperties:
@@ -2711,8 +3030,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
nodeSelector:
additionalProperties:
@@ -2736,28 +3056,27 @@ spec:
spec about storage that pods are required.
properties:
accessModes:
- description: 'accessModes contains the desired access
- modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
items:
type: string
type: array
dataSource:
- description: 'dataSource field can be used to specify
- either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) If the provisioner
- or an external controller can support the specified
- data source, it will create a new volume based on
- the contents of the specified data source. When the
- AnyVolumeDataSource feature gate is enabled, dataSource
- contents will be copied to dataSourceRef, and dataSourceRef
- contents will be copied to dataSource when dataSourceRef.namespace
- is not specified. If the namespace is specified, then
- dataSourceRef will not be copied to dataSource.'
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -2774,40 +3093,35 @@ spec:
type: object
x-kubernetes-map-type: atomic
dataSourceRef:
- description: 'dataSourceRef specifies the object from
- which to populate the volume with data, if a non-empty
- volume is desired. This may be any object from a non-empty
- API group (non core object) or a PersistentVolumeClaim
- object. When this field is specified, volume binding
- will only succeed if the type of the specified object
- matches some installed volume populator or dynamic
- provisioner. This field will replace the functionality
- of the dataSource field and as such if both fields
- are non-empty, they must have the same value. For
- backwards compatibility, when namespace isn''t specified
- in dataSourceRef, both fields (dataSource and dataSourceRef)
- will be set to the same value automatically if one
- of them is empty and the other is non-empty. When
- namespace is specified in dataSourceRef, dataSource
- isn''t set to the same value and must be empty. There
- are three important differences between dataSource
- and dataSourceRef: * While dataSource only allows
- two specific types of objects, dataSourceRef allows
- any non-core object, as well as PersistentVolumeClaim
- objects. * While dataSource ignores disallowed values
- (dropping them), dataSourceRef preserves all values,
- and generates an error if a disallowed value is specified.
- * While dataSource only allows local objects, dataSourceRef
- allows objects in any namespaces. (Beta) Using this
- field requires the AnyVolumeDataSource feature gate
- to be enabled. (Alpha) Using the namespace field of
- dataSourceRef requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.'
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -2819,42 +3133,43 @@ spec:
referenced
type: string
namespace:
- description: Namespace is the namespace of resource
- being referenced Note that when a namespace is
- specified, a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent namespace to
- allow that namespace's owner to accept the reference.
- See the ReferenceGrant documentation for details.
- (Alpha) This field requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
type: string
required:
- kind
- name
type: object
resources:
- description: 'resources represents the minimum resources
- the volume should have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed to specify resource
- requirements that are lower than previous value but
- must still be higher than capacity recorded in the
- status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
properties:
claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field and
- requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one
- entry in pod.spec.resourceClaims of the
- Pod where this field is used. It makes that
- resource available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -2870,8 +3185,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -2880,11 +3196,11 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount
- of compute resources required. If Requests is
- omitted for a container, it defaults to Limits
- if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
selector:
@@ -2895,26 +3211,25 @@ spec:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
- description: A label selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the
- values array must be empty. This array is
- replaced during a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -2926,23 +3241,22 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value". The
- requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
storageClassName:
- description: 'storageClassName is the name of the StorageClass
- required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
type: string
volumeMode:
- description: volumeMode defines what type of volume
- is required by the claim. Value of Filesystem is implied
- when not included in claim spec.
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
type: string
volumeName:
description: volumeName is the binding reference to
@@ -2971,16 +3285,193 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ securityContext:
+ description: Security context for pod.
+ properties:
+ fsGroup:
+ description: |-
+ A special supplemental group that applies to all containers in a pod.
+ Some volume types allow the Kubelet to change the ownership of that volume
+ to be owned by the pod:
+
+
+ 1. The owning GID will be the FSGroup
+ 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw----
+
+
+ If unset, the Kubelet will not modify the ownership and permissions of any volume.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: |-
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will only apply to
+ volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir.
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: |-
+ A list of groups applied to the first process run in each container, in addition
+ to the container's primary GID, the fsGroup (if specified), and group memberships
+ defined in the container image for the uid of the container process. If unspecified,
+ no additional groups are added to any container. Note that group memberships
+ defined in the container image for the uid of the container process are still effective,
+ even if they are not included in this list.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: |-
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
type: object
service:
- description: 'expose doris components for accessing. example:
- if you want to use `stream load` to load data into doris out
- k8s, you can use be service and config different service type
- for loading data.'
+ description: |-
+ expose doris components for accessing.
+ example: if you want to use `stream load` to load data into doris out k8s, you can use be service and config different service type for loading data.
properties:
annotations:
additionalProperties:
@@ -2989,15 +3480,15 @@ spec:
platform.
type: object
loadBalancerIP:
- description: 'Only applies to Service Type: LoadBalancer.
- This feature depends on whether the underlying cloud-provider
- supports specifying the loadBalancerIP when a load balancer
- is created. This field will be ignored if the cloud-provider
- does not support the feature. This field was under-specified
- and its meaning varies across implementations, and it cannot
- support dual-stack. As of Kubernetes v1.24, users are encouraged
- to use implementation-specific annotations when available.
- This field may be removed in a future API version.'
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ This field was under-specified and its meaning varies across implementations,
+ and it cannot support dual-stack.
+ As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available.
+ This field may be removed in a future API version.
type: string
servicePorts:
description: ServicePort config service for NodePort access
@@ -3006,37 +3497,37 @@ spec:
description: DorisServicePort for ServiceType=NodePort situation.
properties:
nodePort:
- description: 'The port on each node on which this service
- is exposed when type is NodePort or LoadBalancer. Usually
- assigned by the system. If a value is specified, in-range,
- and not in use it will be used, otherwise the operation
- will fail. If not specified, a port will be allocated
- if this Service requires one. If this field is specified
- when creating a Service which does not need it, creation
- will fail. This field will be wiped when updating
- a Service to no longer need it (e.g. changing type
- from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- need in 30000-32767'
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ need in 30000-32767
format: int32
type: integer
targetPort:
- description: 'Number or name of the port to access on
- the pods targeted by the service. Number must be in
- the range 1 to 65535. Name must be an IANA_SVC_NAME.
- If this is a string, it will be looked up as a named
- port in the target Pod''s container ports. If this
- is not specified, the value of the ''port'' field
- is used (an identity map). This field is ignored for
- services with clusterIP=None, and should be omitted
- or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
format: int32
type: integer
type: object
type: array
type:
- description: 'type of service,the possible value for the service
- type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
- More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ description: |-
+ type of service,the possible value for the service type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: string
type: object
serviceAccount:
@@ -3064,41 +3555,39 @@ spec:
description: (Optional) Tolerations for scheduling pods onto some
dedicated nodes
items:
- description: The pod this Toleration is attached to tolerates
- any taint that matches the triple using
- the matching operator .
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
properties:
effect:
- description: Effect indicates the taint effect to match.
- Empty means match all taint effects. When specified, allowed
- values are NoSchedule, PreferNoSchedule and NoExecute.
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
- description: Key is the taint key that the toleration applies
- to. Empty means match all taint keys. If the key is empty,
- operator must be Exists; this combination means to match
- all values and all keys.
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
- description: Operator represents a key's relationship to
- the value. Valid operators are Exists and Equal. Defaults
- to Equal. Exists is equivalent to wildcard for value,
- so that a pod can tolerate all taints of a particular
- category.
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
type: string
tolerationSeconds:
- description: TolerationSeconds represents the period of
- time the toleration (which must be of effect NoExecute,
- otherwise this field is ignored) tolerates the taint.
- By default, it is not set, which means tolerate the taint
- forever (do not evict). Zero and negative values will
- be treated as 0 (evict immediately) by the system.
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
- description: Value is the taint value the toleration matches
- to. If the operator is Exists, the value should be empty,
- otherwise just a regular string.
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
@@ -3117,22 +3606,20 @@ spec:
the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node matches the corresponding matchExpressions;
- the node(s) with the highest sum are the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
items:
- description: An empty preferred scheduling term matches
- all objects with implicit weight 0 (i.e. it's a no-op).
- A null preferred scheduling term matches no objects
- (i.e. is also a no-op).
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
properties:
preference:
description: A node selector term, associated with
@@ -3142,32 +3629,26 @@ spec:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -3180,32 +3661,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -3227,53 +3702,46 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from
- its node.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
- description: A null or empty node selector term
- matches no objects. The requirements of them are
- ANDed. The TopologySelectorTerm type implements
- a subset of the NodeSelectorTerm.
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -3286,32 +3754,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -3334,18 +3796,16 @@ spec:
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -3364,30 +3824,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -3399,53 +3854,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -3457,42 +3904,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -3501,23 +3943,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to a pod label update),
- the system may or may not try to eventually evict the
- pod from its node. When there are multiple elements,
- the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -3528,28 +3969,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -3562,51 +3999,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -3619,33 +4049,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -3658,18 +4084,16 @@ spec:
as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the anti-affinity expressions
- specified by this field, but it may choose a node that
- violates one or more of the expressions. The node that
- is most preferred is the one with the greatest sum of
- weights, i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -3688,30 +4112,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -3723,53 +4142,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -3781,42 +4192,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -3825,23 +4231,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements specified
- by this field are not met at scheduling time, the pod
- will not be scheduled onto the node. If the anti-affinity
- requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod
- label update), the system may or may not try to eventually
- evict the pod from its node. When there are multiple
- elements, the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -3852,28 +4257,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -3886,51 +4287,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -3943,33 +4337,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -3991,35 +4381,32 @@ spec:
v2.
properties:
behavior:
- description: HorizontalPodAutoscalerBehavior configures
- the scaling behavior of the target. the struct copy
- from k8s.io/api/autoscaling/v2beta2/types.go. the redundancy
- code will hide the restriction about HorizontalPodAutoscaler
- version and kubernetes releases matching issue. the
+ description: |-
+ HorizontalPodAutoscalerBehavior configures the scaling behavior of the target.
+ the struct copy from k8s.io/api/autoscaling/v2beta2/types.go. the redundancy code will hide the restriction about
+ HorizontalPodAutoscaler version and kubernetes releases matching issue.
+ the
properties:
scaleDown:
- description: scaleDown is scaling policy for scaling
- Down. If not set, the default value is to allow
- to scale down to minReplicas pods, with a 300 second
- stabilization window (i.e., the highest recommendation
- for the last 300sec is used).
+ description: |-
+ scaleDown is scaling policy for scaling Down.
+ If not set, the default value is to allow to scale down to minReplicas pods, with a
+ 300 second stabilization window (i.e., the highest recommendation for
+ the last 300sec is used).
properties:
policies:
- description: policies is a list of potential scaling
- polices which can be used during scaling. At
- least one policy must be specified, otherwise
- the HPAScalingRules will be discarded as invalid
+ description: |-
+ policies is a list of potential scaling polices which can be used during scaling.
+ At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
items:
description: HPAScalingPolicy is a single policy
which must hold true for a specified past
interval.
properties:
periodSeconds:
- description: PeriodSeconds specifies the
- window of time for which the policy should
- hold true. PeriodSeconds must be greater
- than zero and less than or equal to 1800
- (30 min).
+ description: |-
+ PeriodSeconds specifies the window of time for which the policy should hold true.
+ PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
format: int32
type: integer
type:
@@ -4027,8 +4414,8 @@ spec:
scaling policy.
type: string
value:
- description: Value contains the amount of
- change which is permitted by the policy.
+ description: |-
+ Value contains the amount of change which is permitted by the policy.
It must be greater than zero
format: int32
type: integer
@@ -4039,46 +4426,42 @@ spec:
type: object
type: array
selectPolicy:
- description: selectPolicy is used to specify which
- policy should be used. If not set, the default
- value MaxPolicySelect is used.
+ description: |-
+ selectPolicy is used to specify which policy should be used.
+ If not set, the default value MaxPolicySelect is used.
type: string
stabilizationWindowSeconds:
- description: 'StabilizationWindowSeconds is the
- number of seconds for which past recommendations
- should be considered while scaling up or scaling
- down. StabilizationWindowSeconds must be greater
- than or equal to zero and less than or equal
- to 3600 (one hour). If not set, use the default
- values: - For scale up: 0 (i.e. no stabilization
- is done). - For scale down: 300 (i.e. the stabilization
- window is 300 seconds long).'
+ description: |-
+ StabilizationWindowSeconds is the number of seconds for which past recommendations should be
+ considered while scaling up or scaling down.
+ StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour).
+ If not set, use the default values:
+ - For scale up: 0 (i.e. no stabilization is done).
+ - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
format: int32
type: integer
type: object
scaleUp:
- description: 'scaleUp is scaling policy for scaling
- Up. If not set, the default value is the higher
- of: * increase no more than 4 pods per 60 seconds
- * double the number of pods per 60 seconds No stabilization
- is used.'
+ description: |-
+ scaleUp is scaling policy for scaling Up.
+ If not set, the default value is the higher of:
+ * increase no more than 4 pods per 60 seconds
+ * double the number of pods per 60 seconds
+ No stabilization is used.
properties:
policies:
- description: policies is a list of potential scaling
- polices which can be used during scaling. At
- least one policy must be specified, otherwise
- the HPAScalingRules will be discarded as invalid
+ description: |-
+ policies is a list of potential scaling polices which can be used during scaling.
+ At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
items:
description: HPAScalingPolicy is a single policy
which must hold true for a specified past
interval.
properties:
periodSeconds:
- description: PeriodSeconds specifies the
- window of time for which the policy should
- hold true. PeriodSeconds must be greater
- than zero and less than or equal to 1800
- (30 min).
+ description: |-
+ PeriodSeconds specifies the window of time for which the policy should hold true.
+ PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
format: int32
type: integer
type:
@@ -4086,8 +4469,8 @@ spec:
scaling policy.
type: string
value:
- description: Value contains the amount of
- change which is permitted by the policy.
+ description: |-
+ Value contains the amount of change which is permitted by the policy.
It must be greater than zero
format: int32
type: integer
@@ -4098,47 +4481,41 @@ spec:
type: object
type: array
selectPolicy:
- description: selectPolicy is used to specify which
- policy should be used. If not set, the default
- value MaxPolicySelect is used.
+ description: |-
+ selectPolicy is used to specify which policy should be used.
+ If not set, the default value MaxPolicySelect is used.
type: string
stabilizationWindowSeconds:
- description: 'StabilizationWindowSeconds is the
- number of seconds for which past recommendations
- should be considered while scaling up or scaling
- down. StabilizationWindowSeconds must be greater
- than or equal to zero and less than or equal
- to 3600 (one hour). If not set, use the default
- values: - For scale up: 0 (i.e. no stabilization
- is done). - For scale down: 300 (i.e. the stabilization
- window is 300 seconds long).'
+ description: |-
+ StabilizationWindowSeconds is the number of seconds for which past recommendations should be
+ considered while scaling up or scaling down.
+ StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour).
+ If not set, use the default values:
+ - For scale up: 0 (i.e. no stabilization is done).
+ - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
format: int32
type: integer
type: object
type: object
metrics:
- description: Metrics specifies how to scale based on a
- single metric the struct copy from k8s.io/api/autoscaling/v2beta2/types.go.
- the redundancy code will hide the restriction about
- HorizontalPodAutoscaler version and kubernetes releases
- matching issue. the splice will have unsafe.Pointer
- convert, so be careful to edit the struct fileds.
+ description: |-
+ Metrics specifies how to scale based on a single metric
+ the struct copy from k8s.io/api/autoscaling/v2beta2/types.go. the redundancy code will hide the restriction about
+ HorizontalPodAutoscaler version and kubernetes releases matching issue.
+ the splice will have unsafe.Pointer convert, so be careful to edit the struct fileds.
items:
- description: MetricSpec specifies how to scale based
- on a single metric (only `type` and one other matching
- field should be set at once).
+ description: |-
+ MetricSpec specifies how to scale based on a single metric
+ (only `type` and one other matching field should be set at once).
properties:
containerResource:
- description: container resource refers to a resource
- metric (such as those specified in requests and
- limits) known to Kubernetes describing a single
- container in each pod of the current scale target
- (e.g. CPU or memory). Such metrics are built in
- to Kubernetes, and have special scaling options
- on top of those available to normal per-pod metrics
- using the "pods" source. This is an alpha feature
- and can be enabled by the HPAContainerMetrics
- feature flag.
+ description: |-
+ container resource refers to a resource metric (such as those specified in
+ requests and limits) known to Kubernetes describing a single container in
+ each pod of the current scale target (e.g. CPU or memory). Such metrics are
+ built in to Kubernetes, and have special scaling options on top of those
+ available to normal per-pod metrics using the "pods" source.
+ This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag.
properties:
container:
description: container is the name of the container
@@ -4153,22 +4530,20 @@ spec:
for the given metric
properties:
averageUtilization:
- description: averageUtilization is the target
- value of the average of the resource metric
- across all relevant pods, represented
- as a percentage of the requested value
- of the resource for the pods. Currently
- only valid for Resource metric source
- type
+ description: |-
+ averageUtilization is the target value of the average of the
+ resource metric across all relevant pods, represented as a percentage of
+ the requested value of the resource for the pods.
+ Currently only valid for Resource metric source type
format: int32
type: integer
averageValue:
anyOf:
- type: integer
- type: string
- description: averageValue is the target
- value of the average of the metric across
- all relevant pods (as a quantity)
+ description: |-
+ averageValue is the target value of the average of the
+ metric across all relevant pods (as a quantity)
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type:
@@ -4193,12 +4568,12 @@ spec:
- target
type: object
external:
- description: external refers to a global metric
- that is not associated with any Kubernetes object.
- It allows autoscaling based on information coming
- from components running outside of cluster (for
- example length of queue in cloud messaging service,
- or QPS from loadbalancer running outside of cluster).
+ description: |-
+ external refers to a global metric that is not associated
+ with any Kubernetes object. It allows autoscaling based on information
+ coming from components running outside of cluster
+ (for example length of queue in cloud messaging service, or
+ QPS from loadbalancer running outside of cluster).
properties:
metric:
description: metric identifies the target metric
@@ -4209,23 +4584,19 @@ spec:
metric
type: string
selector:
- description: selector is the string-encoded
- form of a standard kubernetes label selector
- for the given metric When set, it is passed
- as an additional parameter to the metrics
- server for more specific metrics scoping.
- When unset, just the metricName will be
- used to gather metrics.
+ description: |-
+ selector is the string-encoded form of a standard kubernetes label selector for the given metric
+ When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
+ When unset, just the metricName will be used to gather metrics.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label
@@ -4233,20 +4604,16 @@ spec:
to.
type: string
operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -4258,14 +4625,10 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
@@ -4277,22 +4640,20 @@ spec:
for the given metric
properties:
averageUtilization:
- description: averageUtilization is the target
- value of the average of the resource metric
- across all relevant pods, represented
- as a percentage of the requested value
- of the resource for the pods. Currently
- only valid for Resource metric source
- type
+ description: |-
+ averageUtilization is the target value of the average of the
+ resource metric across all relevant pods, represented as a percentage of
+ the requested value of the resource for the pods.
+ Currently only valid for Resource metric source type
format: int32
type: integer
averageValue:
anyOf:
- type: integer
- type: string
- description: averageValue is the target
- value of the average of the metric across
- all relevant pods (as a quantity)
+ description: |-
+ averageValue is the target value of the average of the
+ metric across all relevant pods (as a quantity)
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type:
@@ -4316,9 +4677,9 @@ spec:
- target
type: object
object:
- description: object refers to a metric describing
- a single kubernetes object (for example, hits-per-second
- on an Ingress object).
+ description: |-
+ object refers to a metric describing a single kubernetes object
+ (for example, hits-per-second on an Ingress object).
properties:
describedObject:
description: CrossVersionObjectReference contains
@@ -4349,23 +4710,19 @@ spec:
metric
type: string
selector:
- description: selector is the string-encoded
- form of a standard kubernetes label selector
- for the given metric When set, it is passed
- as an additional parameter to the metrics
- server for more specific metrics scoping.
- When unset, just the metricName will be
- used to gather metrics.
+ description: |-
+ selector is the string-encoded form of a standard kubernetes label selector for the given metric
+ When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
+ When unset, just the metricName will be used to gather metrics.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label
@@ -4373,20 +4730,16 @@ spec:
to.
type: string
operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -4398,14 +4751,10 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
@@ -4417,22 +4766,20 @@ spec:
for the given metric
properties:
averageUtilization:
- description: averageUtilization is the target
- value of the average of the resource metric
- across all relevant pods, represented
- as a percentage of the requested value
- of the resource for the pods. Currently
- only valid for Resource metric source
- type
+ description: |-
+ averageUtilization is the target value of the average of the
+ resource metric across all relevant pods, represented as a percentage of
+ the requested value of the resource for the pods.
+ Currently only valid for Resource metric source type
format: int32
type: integer
averageValue:
anyOf:
- type: integer
- type: string
- description: averageValue is the target
- value of the average of the metric across
- all relevant pods (as a quantity)
+ description: |-
+ averageValue is the target value of the average of the
+ metric across all relevant pods (as a quantity)
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type:
@@ -4457,11 +4804,10 @@ spec:
- target
type: object
pods:
- description: pods refers to a metric describing
- each pod in the current scale target (for example,
- transactions-processed-per-second). The values
- will be averaged together before being compared
- to the target value.
+ description: |-
+ pods refers to a metric describing each pod in the current scale target
+ (for example, transactions-processed-per-second). The values will be
+ averaged together before being compared to the target value.
properties:
metric:
description: metric identifies the target metric
@@ -4472,23 +4818,19 @@ spec:
metric
type: string
selector:
- description: selector is the string-encoded
- form of a standard kubernetes label selector
- for the given metric When set, it is passed
- as an additional parameter to the metrics
- server for more specific metrics scoping.
- When unset, just the metricName will be
- used to gather metrics.
+ description: |-
+ selector is the string-encoded form of a standard kubernetes label selector for the given metric
+ When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
+ When unset, just the metricName will be used to gather metrics.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label
@@ -4496,20 +4838,16 @@ spec:
to.
type: string
operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -4521,14 +4859,10 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
@@ -4540,22 +4874,20 @@ spec:
for the given metric
properties:
averageUtilization:
- description: averageUtilization is the target
- value of the average of the resource metric
- across all relevant pods, represented
- as a percentage of the requested value
- of the resource for the pods. Currently
- only valid for Resource metric source
- type
+ description: |-
+ averageUtilization is the target value of the average of the
+ resource metric across all relevant pods, represented as a percentage of
+ the requested value of the resource for the pods.
+ Currently only valid for Resource metric source type
format: int32
type: integer
averageValue:
anyOf:
- type: integer
- type: string
- description: averageValue is the target
- value of the average of the metric across
- all relevant pods (as a quantity)
+ description: |-
+ averageValue is the target value of the average of the
+ metric across all relevant pods (as a quantity)
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type:
@@ -4579,13 +4911,12 @@ spec:
- target
type: object
resource:
- description: resource refers to a resource metric
- (such as those specified in requests and limits)
- known to Kubernetes describing each pod in the
- current scale target (e.g. CPU or memory). Such
- metrics are built in to Kubernetes, and have special
- scaling options on top of those available to normal
- per-pod metrics using the "pods" source.
+ description: |-
+ resource refers to a resource metric (such as those specified in
+ requests and limits) known to Kubernetes describing each pod in the
+ current scale target (e.g. CPU or memory). Such metrics are built in to
+ Kubernetes, and have special scaling options on top of those available
+ to normal per-pod metrics using the "pods" source.
properties:
name:
description: name is the name of the resource
@@ -4596,22 +4927,20 @@ spec:
for the given metric
properties:
averageUtilization:
- description: averageUtilization is the target
- value of the average of the resource metric
- across all relevant pods, represented
- as a percentage of the requested value
- of the resource for the pods. Currently
- only valid for Resource metric source
- type
+ description: |-
+ averageUtilization is the target value of the average of the
+ resource metric across all relevant pods, represented as a percentage of
+ the requested value of the resource for the pods.
+ Currently only valid for Resource metric source type
format: int32
type: integer
averageValue:
anyOf:
- type: integer
- type: string
- description: averageValue is the target
- value of the average of the metric across
- all relevant pods (as a quantity)
+ description: |-
+ averageValue is the target value of the average of the
+ metric across all relevant pods (as a quantity)
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type:
@@ -4635,12 +4964,11 @@ spec:
- target
type: object
type:
- description: 'type is the type of metric source. It
- should be one of "ContainerResource", "External",
- "Object", "Pods" or "Resource", each mapping to
- a matching field in the object. Note: "ContainerResource"
- type is available on when the feature-gate HPAContainerMetrics
- is enabled'
+ description: |-
+ type is the type of metric source. It should be one of "ContainerResource", "External",
+ "Object", "Pods" or "Resource", each mapping to a matching field in the object.
+ Note: "ContainerResource" type is available on when the feature-gate
+ HPAContainerMetrics is enabled
type: string
required:
- type
@@ -4662,17 +4990,24 @@ spec:
type: string
type: object
claims:
- description: "Claims lists the names of resources, defined in
- spec.resourceClaims, that are used by this container. \n This
- is an alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one entry in pod.spec.resourceClaims
- of the Pod where this field is used. It makes that resource
- available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -4685,38 +5020,206 @@ spec:
description: the reference for cn configMap.
properties:
configMapName:
- description: ConfigMapName mapped the configuration files
- in the doris 'conf/' directory. such as 'fe.conf', 'be.conf'.
- If HDFS access is involved, there may also be 'core-site.xml'
- and other files. doris-operator mounts these configuration
- files in the '/etc/doris' directory by default. links them
- to the 'conf/' directory of the doris component through
- soft links.
+ description: |-
+ ConfigMapName mapped the configuration files in the doris 'conf/' directory.
+ such as 'fe.conf', 'be.conf'. If HDFS access is involved, there may also be 'core-site.xml' and other files.
+ doris-operator mounts these configuration files in the '/etc/doris' directory by default.
+ links them to the 'conf/' directory of the doris component through soft links.
type: string
configMaps:
- description: ConfigMaps can mount multiple configmaps to the
- specified path. The mounting path of configmap cannot be
- repeated.
+ description: |-
+ ConfigMaps can mount multiple configmaps to the specified path.
+ The mounting path of configmap cannot be repeated.
items:
properties:
configMapName:
description: name of configmap that needs to mount.
type: string
mountPath:
- description: Current ConfigMap Mount Path. If MountConfigMapInfo
- belongs to the same ConfigMapInfo, their MountPath
- cannot be repeated.
+ description: |-
+ Current ConfigMap Mount Path.
+ If MountConfigMapInfo belongs to the same ConfigMapInfo, their MountPath cannot be repeated.
type: string
type: object
type: array
resolveKey:
- description: 'Deprecated: This configuration has been abandoned
- and will be cleared in version 1.7.0. It is currently forced
- to be ''fe.conf'', ''be.conf'', ''apache_hdfs_broker.conf''
- It is no longer effective. the configuration content will
- not take effect.'
+ description: |-
+ Deprecated: This configuration has been abandoned and will be cleared in version 1.7.0.
+ It is currently forced to be 'fe.conf', 'be.conf', 'apache_hdfs_broker.conf'
+ It is no longer effective. the configuration content will not take effect.
type: string
type: object
+ containerSecurityContext:
+ description: Security context for all containers running in the
+ pod (unless they override it).
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
envVars:
description: cnEnvVars is a slice of environment variables that
are added to the pods, the default is empty.
@@ -4729,15 +5232,16 @@ spec:
C_IDENTIFIER.
type: string
value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in
- the container and any service environment variables. If
- a variable cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced to a single
- $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Defaults to "".'
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
@@ -4750,9 +5254,10 @@ spec:
description: The key to select.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
@@ -4763,11 +5268,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
fieldRef:
- description: 'Selects a field of the pod: supports metadata.name,
- metadata.namespace, `metadata.labels['''']`,
- `metadata.annotations['''']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs.'
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
@@ -4782,10 +5285,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
@@ -4815,9 +5317,10 @@ spec:
be a valid secret key.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
@@ -4854,19 +5357,14 @@ spec:
type: integer
type: object
type: object
- fsGroup:
- description: 'A special supplemental group that applies to all
- containers in a pod. Some volume types allow the Kubelet to
- change the ownership of that volume to be owned by the pod:'
- format: int64
- type: integer
hostAliases:
- description: HostAliases is an optional list of hosts and IPs
- that will be injected into the pod's hosts file if specified.
- This is only valid for non-hostNetwork pods.
+ description: |-
+ HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+ file if specified. This is only valid for non-hostNetwork pods.
items:
- description: HostAlias holds the mapping between IP and hostnames
- that will be injected as an entry in the pod's hosts file.
+ description: |-
+ HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+ pod's hosts file.
properties:
hostnames:
description: Hostnames for the above IP address.
@@ -4882,18 +5380,20 @@ spec:
description: Image for a doris cn deployment.
type: string
imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of references
- to secrets in the same namespace to use for pulling any of the
- images used by this PodSpec. If specified, these secrets will
- be passed to individual puller implementations for them to use.
- More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -4905,8 +5405,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
nodeSelector:
additionalProperties:
@@ -4930,28 +5431,27 @@ spec:
spec about storage that pods are required.
properties:
accessModes:
- description: 'accessModes contains the desired access
- modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
items:
type: string
type: array
dataSource:
- description: 'dataSource field can be used to specify
- either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) If the provisioner
- or an external controller can support the specified
- data source, it will create a new volume based on
- the contents of the specified data source. When the
- AnyVolumeDataSource feature gate is enabled, dataSource
- contents will be copied to dataSourceRef, and dataSourceRef
- contents will be copied to dataSource when dataSourceRef.namespace
- is not specified. If the namespace is specified, then
- dataSourceRef will not be copied to dataSource.'
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -4968,40 +5468,35 @@ spec:
type: object
x-kubernetes-map-type: atomic
dataSourceRef:
- description: 'dataSourceRef specifies the object from
- which to populate the volume with data, if a non-empty
- volume is desired. This may be any object from a non-empty
- API group (non core object) or a PersistentVolumeClaim
- object. When this field is specified, volume binding
- will only succeed if the type of the specified object
- matches some installed volume populator or dynamic
- provisioner. This field will replace the functionality
- of the dataSource field and as such if both fields
- are non-empty, they must have the same value. For
- backwards compatibility, when namespace isn''t specified
- in dataSourceRef, both fields (dataSource and dataSourceRef)
- will be set to the same value automatically if one
- of them is empty and the other is non-empty. When
- namespace is specified in dataSourceRef, dataSource
- isn''t set to the same value and must be empty. There
- are three important differences between dataSource
- and dataSourceRef: * While dataSource only allows
- two specific types of objects, dataSourceRef allows
- any non-core object, as well as PersistentVolumeClaim
- objects. * While dataSource ignores disallowed values
- (dropping them), dataSourceRef preserves all values,
- and generates an error if a disallowed value is specified.
- * While dataSource only allows local objects, dataSourceRef
- allows objects in any namespaces. (Beta) Using this
- field requires the AnyVolumeDataSource feature gate
- to be enabled. (Alpha) Using the namespace field of
- dataSourceRef requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.'
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -5013,42 +5508,43 @@ spec:
referenced
type: string
namespace:
- description: Namespace is the namespace of resource
- being referenced Note that when a namespace is
- specified, a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent namespace to
- allow that namespace's owner to accept the reference.
- See the ReferenceGrant documentation for details.
- (Alpha) This field requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
type: string
required:
- kind
- name
type: object
resources:
- description: 'resources represents the minimum resources
- the volume should have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed to specify resource
- requirements that are lower than previous value but
- must still be higher than capacity recorded in the
- status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
properties:
claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field and
- requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one
- entry in pod.spec.resourceClaims of the
- Pod where this field is used. It makes that
- resource available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -5064,8 +5560,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -5074,11 +5571,11 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount
- of compute resources required. If Requests is
- omitted for a container, it defaults to Limits
- if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
selector:
@@ -5089,26 +5586,25 @@ spec:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
- description: A label selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the
- values array must be empty. This array is
- replaced during a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -5120,23 +5616,22 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value". The
- requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
storageClassName:
- description: 'storageClassName is the name of the StorageClass
- required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
type: string
volumeMode:
- description: volumeMode defines what type of volume
- is required by the claim. Value of Filesystem is implied
- when not included in claim spec.
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
type: string
volumeName:
description: volumeName is the binding reference to
@@ -5165,16 +5660,193 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ securityContext:
+ description: Security context for pod.
+ properties:
+ fsGroup:
+ description: |-
+ A special supplemental group that applies to all containers in a pod.
+ Some volume types allow the Kubelet to change the ownership of that volume
+ to be owned by the pod:
+
+
+ 1. The owning GID will be the FSGroup
+ 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw----
+
+
+ If unset, the Kubelet will not modify the ownership and permissions of any volume.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: |-
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will only apply to
+ volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir.
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: |-
+ A list of groups applied to the first process run in each container, in addition
+ to the container's primary GID, the fsGroup (if specified), and group memberships
+ defined in the container image for the uid of the container process. If unspecified,
+ no additional groups are added to any container. Note that group memberships
+ defined in the container image for the uid of the container process are still effective,
+ even if they are not included in this list.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: |-
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
type: object
service:
- description: 'expose doris components for accessing. example:
- if you want to use `stream load` to load data into doris out
- k8s, you can use be service and config different service type
- for loading data.'
+ description: |-
+ expose doris components for accessing.
+ example: if you want to use `stream load` to load data into doris out k8s, you can use be service and config different service type for loading data.
properties:
annotations:
additionalProperties:
@@ -5183,15 +5855,15 @@ spec:
platform.
type: object
loadBalancerIP:
- description: 'Only applies to Service Type: LoadBalancer.
- This feature depends on whether the underlying cloud-provider
- supports specifying the loadBalancerIP when a load balancer
- is created. This field will be ignored if the cloud-provider
- does not support the feature. This field was under-specified
- and its meaning varies across implementations, and it cannot
- support dual-stack. As of Kubernetes v1.24, users are encouraged
- to use implementation-specific annotations when available.
- This field may be removed in a future API version.'
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ This field was under-specified and its meaning varies across implementations,
+ and it cannot support dual-stack.
+ As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available.
+ This field may be removed in a future API version.
type: string
servicePorts:
description: ServicePort config service for NodePort access
@@ -5200,37 +5872,37 @@ spec:
description: DorisServicePort for ServiceType=NodePort situation.
properties:
nodePort:
- description: 'The port on each node on which this service
- is exposed when type is NodePort or LoadBalancer. Usually
- assigned by the system. If a value is specified, in-range,
- and not in use it will be used, otherwise the operation
- will fail. If not specified, a port will be allocated
- if this Service requires one. If this field is specified
- when creating a Service which does not need it, creation
- will fail. This field will be wiped when updating
- a Service to no longer need it (e.g. changing type
- from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- need in 30000-32767'
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ need in 30000-32767
format: int32
type: integer
targetPort:
- description: 'Number or name of the port to access on
- the pods targeted by the service. Number must be in
- the range 1 to 65535. Name must be an IANA_SVC_NAME.
- If this is a string, it will be looked up as a named
- port in the target Pod''s container ports. If this
- is not specified, the value of the ''port'' field
- is used (an identity map). This field is ignored for
- services with clusterIP=None, and should be omitted
- or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
format: int32
type: integer
type: object
type: array
type:
- description: 'type of service,the possible value for the service
- type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
- More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ description: |-
+ type of service,the possible value for the service type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: string
type: object
serviceAccount:
@@ -5258,41 +5930,39 @@ spec:
description: (Optional) Tolerations for scheduling pods onto some
dedicated nodes
items:
- description: The pod this Toleration is attached to tolerates
- any taint that matches the triple using
- the matching operator .
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
properties:
effect:
- description: Effect indicates the taint effect to match.
- Empty means match all taint effects. When specified, allowed
- values are NoSchedule, PreferNoSchedule and NoExecute.
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
- description: Key is the taint key that the toleration applies
- to. Empty means match all taint keys. If the key is empty,
- operator must be Exists; this combination means to match
- all values and all keys.
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
- description: Operator represents a key's relationship to
- the value. Valid operators are Exists and Equal. Defaults
- to Equal. Exists is equivalent to wildcard for value,
- so that a pod can tolerate all taints of a particular
- category.
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
type: string
tolerationSeconds:
- description: TolerationSeconds represents the period of
- time the toleration (which must be of effect NoExecute,
- otherwise this field is ignored) tolerates the taint.
- By default, it is not set, which means tolerate the taint
- forever (do not evict). Zero and negative values will
- be treated as 0 (evict immediately) by the system.
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
- description: Value is the taint value the toleration matches
- to. If the operator is Exists, the value should be empty,
- otherwise just a regular string.
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
@@ -5311,22 +5981,20 @@ spec:
the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node matches the corresponding matchExpressions;
- the node(s) with the highest sum are the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
items:
- description: An empty preferred scheduling term matches
- all objects with implicit weight 0 (i.e. it's a no-op).
- A null preferred scheduling term matches no objects
- (i.e. is also a no-op).
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
properties:
preference:
description: A node selector term, associated with
@@ -5336,32 +6004,26 @@ spec:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -5374,32 +6036,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -5421,53 +6077,46 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from
- its node.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
- description: A null or empty node selector term
- matches no objects. The requirements of them are
- ANDed. The TopologySelectorTerm type implements
- a subset of the NodeSelectorTerm.
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -5480,32 +6129,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -5528,18 +6171,16 @@ spec:
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -5558,30 +6199,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -5593,53 +6229,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -5651,42 +6279,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -5695,23 +6318,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to a pod label update),
- the system may or may not try to eventually evict the
- pod from its node. When there are multiple elements,
- the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -5722,28 +6344,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -5756,51 +6374,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -5813,33 +6424,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -5852,18 +6459,16 @@ spec:
as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the anti-affinity expressions
- specified by this field, but it may choose a node that
- violates one or more of the expressions. The node that
- is most preferred is the one with the greatest sum of
- weights, i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -5882,30 +6487,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -5917,53 +6517,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -5975,42 +6567,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -6019,23 +6606,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements specified
- by this field are not met at scheduling time, the pod
- will not be scheduled onto the node. If the anti-affinity
- requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod
- label update), the system may or may not try to eventually
- evict the pod from its node. When there are multiple
- elements, the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -6046,28 +6632,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -6080,51 +6662,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -6137,33 +6712,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -6178,17 +6749,24 @@ spec:
for collect to monitor system.
type: object
claims:
- description: "Claims lists the names of resources, defined in
- spec.resourceClaims, that are used by this container. \n This
- is an alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one entry in pod.spec.resourceClaims
- of the Pod where this field is used. It makes that resource
- available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -6201,38 +6779,206 @@ spec:
description: the reference for cn configMap.
properties:
configMapName:
- description: ConfigMapName mapped the configuration files
- in the doris 'conf/' directory. such as 'fe.conf', 'be.conf'.
- If HDFS access is involved, there may also be 'core-site.xml'
- and other files. doris-operator mounts these configuration
- files in the '/etc/doris' directory by default. links them
- to the 'conf/' directory of the doris component through
- soft links.
+ description: |-
+ ConfigMapName mapped the configuration files in the doris 'conf/' directory.
+ such as 'fe.conf', 'be.conf'. If HDFS access is involved, there may also be 'core-site.xml' and other files.
+ doris-operator mounts these configuration files in the '/etc/doris' directory by default.
+ links them to the 'conf/' directory of the doris component through soft links.
type: string
configMaps:
- description: ConfigMaps can mount multiple configmaps to the
- specified path. The mounting path of configmap cannot be
- repeated.
+ description: |-
+ ConfigMaps can mount multiple configmaps to the specified path.
+ The mounting path of configmap cannot be repeated.
items:
properties:
configMapName:
description: name of configmap that needs to mount.
type: string
mountPath:
- description: Current ConfigMap Mount Path. If MountConfigMapInfo
- belongs to the same ConfigMapInfo, their MountPath
- cannot be repeated.
+ description: |-
+ Current ConfigMap Mount Path.
+ If MountConfigMapInfo belongs to the same ConfigMapInfo, their MountPath cannot be repeated.
type: string
type: object
type: array
resolveKey:
- description: 'Deprecated: This configuration has been abandoned
- and will be cleared in version 1.7.0. It is currently forced
- to be ''fe.conf'', ''be.conf'', ''apache_hdfs_broker.conf''
- It is no longer effective. the configuration content will
- not take effect.'
+ description: |-
+ Deprecated: This configuration has been abandoned and will be cleared in version 1.7.0.
+ It is currently forced to be 'fe.conf', 'be.conf', 'apache_hdfs_broker.conf'
+ It is no longer effective. the configuration content will not take effect.
type: string
type: object
+ containerSecurityContext:
+ description: Security context for all containers running in the
+ pod (unless they override it).
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
electionNumber:
description: the number of fe in election. electionNumber <= replicas,
left as observers. default value=3
@@ -6250,15 +6996,16 @@ spec:
C_IDENTIFIER.
type: string
value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in
- the container and any service environment variables. If
- a variable cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced to a single
- $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Defaults to "".'
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
@@ -6271,9 +7018,10 @@ spec:
description: The key to select.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
@@ -6284,11 +7032,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
fieldRef:
- description: 'Selects a field of the pod: supports metadata.name,
- metadata.namespace, `metadata.labels['''']`,
- `metadata.annotations['''']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs.'
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
@@ -6303,10 +7049,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
@@ -6336,9 +7081,10 @@ spec:
be a valid secret key.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
@@ -6375,19 +7121,14 @@ spec:
type: integer
type: object
type: object
- fsGroup:
- description: 'A special supplemental group that applies to all
- containers in a pod. Some volume types allow the Kubelet to
- change the ownership of that volume to be owned by the pod:'
- format: int64
- type: integer
hostAliases:
- description: HostAliases is an optional list of hosts and IPs
- that will be injected into the pod's hosts file if specified.
- This is only valid for non-hostNetwork pods.
+ description: |-
+ HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+ file if specified. This is only valid for non-hostNetwork pods.
items:
- description: HostAlias holds the mapping between IP and hostnames
- that will be injected as an entry in the pod's hosts file.
+ description: |-
+ HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+ pod's hosts file.
properties:
hostnames:
description: Hostnames for the above IP address.
@@ -6403,18 +7144,20 @@ spec:
description: Image for a doris cn deployment.
type: string
imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of references
- to secrets in the same namespace to use for pulling any of the
- images used by this PodSpec. If specified, these secrets will
- be passed to individual puller implementations for them to use.
- More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -6426,8 +7169,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
nodeSelector:
additionalProperties:
@@ -6451,28 +7195,27 @@ spec:
spec about storage that pods are required.
properties:
accessModes:
- description: 'accessModes contains the desired access
- modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
items:
type: string
type: array
dataSource:
- description: 'dataSource field can be used to specify
- either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) If the provisioner
- or an external controller can support the specified
- data source, it will create a new volume based on
- the contents of the specified data source. When the
- AnyVolumeDataSource feature gate is enabled, dataSource
- contents will be copied to dataSourceRef, and dataSourceRef
- contents will be copied to dataSource when dataSourceRef.namespace
- is not specified. If the namespace is specified, then
- dataSourceRef will not be copied to dataSource.'
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -6489,40 +7232,35 @@ spec:
type: object
x-kubernetes-map-type: atomic
dataSourceRef:
- description: 'dataSourceRef specifies the object from
- which to populate the volume with data, if a non-empty
- volume is desired. This may be any object from a non-empty
- API group (non core object) or a PersistentVolumeClaim
- object. When this field is specified, volume binding
- will only succeed if the type of the specified object
- matches some installed volume populator or dynamic
- provisioner. This field will replace the functionality
- of the dataSource field and as such if both fields
- are non-empty, they must have the same value. For
- backwards compatibility, when namespace isn''t specified
- in dataSourceRef, both fields (dataSource and dataSourceRef)
- will be set to the same value automatically if one
- of them is empty and the other is non-empty. When
- namespace is specified in dataSourceRef, dataSource
- isn''t set to the same value and must be empty. There
- are three important differences between dataSource
- and dataSourceRef: * While dataSource only allows
- two specific types of objects, dataSourceRef allows
- any non-core object, as well as PersistentVolumeClaim
- objects. * While dataSource ignores disallowed values
- (dropping them), dataSourceRef preserves all values,
- and generates an error if a disallowed value is specified.
- * While dataSource only allows local objects, dataSourceRef
- allows objects in any namespaces. (Beta) Using this
- field requires the AnyVolumeDataSource feature gate
- to be enabled. (Alpha) Using the namespace field of
- dataSourceRef requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.'
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -6534,42 +7272,43 @@ spec:
referenced
type: string
namespace:
- description: Namespace is the namespace of resource
- being referenced Note that when a namespace is
- specified, a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent namespace to
- allow that namespace's owner to accept the reference.
- See the ReferenceGrant documentation for details.
- (Alpha) This field requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
type: string
required:
- kind
- name
type: object
resources:
- description: 'resources represents the minimum resources
- the volume should have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed to specify resource
- requirements that are lower than previous value but
- must still be higher than capacity recorded in the
- status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
properties:
claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field and
- requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one
- entry in pod.spec.resourceClaims of the
- Pod where this field is used. It makes that
- resource available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -6585,8 +7324,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -6595,11 +7335,11 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount
- of compute resources required. If Requests is
- omitted for a container, it defaults to Limits
- if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
selector:
@@ -6610,26 +7350,25 @@ spec:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
- description: A label selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the
- values array must be empty. This array is
- replaced during a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -6641,23 +7380,22 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value". The
- requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
storageClassName:
- description: 'storageClassName is the name of the StorageClass
- required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
type: string
volumeMode:
- description: volumeMode defines what type of volume
- is required by the claim. Value of Filesystem is implied
- when not included in claim spec.
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
type: string
volumeName:
description: volumeName is the binding reference to
@@ -6686,16 +7424,193 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ securityContext:
+ description: Security context for pod.
+ properties:
+ fsGroup:
+ description: |-
+ A special supplemental group that applies to all containers in a pod.
+ Some volume types allow the Kubelet to change the ownership of that volume
+ to be owned by the pod:
+
+
+ 1. The owning GID will be the FSGroup
+ 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw----
+
+
+ If unset, the Kubelet will not modify the ownership and permissions of any volume.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: |-
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will only apply to
+ volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir.
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: |-
+ A list of groups applied to the first process run in each container, in addition
+ to the container's primary GID, the fsGroup (if specified), and group memberships
+ defined in the container image for the uid of the container process. If unspecified,
+ no additional groups are added to any container. Note that group memberships
+ defined in the container image for the uid of the container process are still effective,
+ even if they are not included in this list.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: |-
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
type: object
service:
- description: 'expose doris components for accessing. example:
- if you want to use `stream load` to load data into doris out
- k8s, you can use be service and config different service type
- for loading data.'
+ description: |-
+ expose doris components for accessing.
+ example: if you want to use `stream load` to load data into doris out k8s, you can use be service and config different service type for loading data.
properties:
annotations:
additionalProperties:
@@ -6704,15 +7619,15 @@ spec:
platform.
type: object
loadBalancerIP:
- description: 'Only applies to Service Type: LoadBalancer.
- This feature depends on whether the underlying cloud-provider
- supports specifying the loadBalancerIP when a load balancer
- is created. This field will be ignored if the cloud-provider
- does not support the feature. This field was under-specified
- and its meaning varies across implementations, and it cannot
- support dual-stack. As of Kubernetes v1.24, users are encouraged
- to use implementation-specific annotations when available.
- This field may be removed in a future API version.'
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ This field was under-specified and its meaning varies across implementations,
+ and it cannot support dual-stack.
+ As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available.
+ This field may be removed in a future API version.
type: string
servicePorts:
description: ServicePort config service for NodePort access
@@ -6721,37 +7636,37 @@ spec:
description: DorisServicePort for ServiceType=NodePort situation.
properties:
nodePort:
- description: 'The port on each node on which this service
- is exposed when type is NodePort or LoadBalancer. Usually
- assigned by the system. If a value is specified, in-range,
- and not in use it will be used, otherwise the operation
- will fail. If not specified, a port will be allocated
- if this Service requires one. If this field is specified
- when creating a Service which does not need it, creation
- will fail. This field will be wiped when updating
- a Service to no longer need it (e.g. changing type
- from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- need in 30000-32767'
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ need in 30000-32767
format: int32
type: integer
targetPort:
- description: 'Number or name of the port to access on
- the pods targeted by the service. Number must be in
- the range 1 to 65535. Name must be an IANA_SVC_NAME.
- If this is a string, it will be looked up as a named
- port in the target Pod''s container ports. If this
- is not specified, the value of the ''port'' field
- is used (an identity map). This field is ignored for
- services with clusterIP=None, and should be omitted
- or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
format: int32
type: integer
type: object
type: array
type:
- description: 'type of service,the possible value for the service
- type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
- More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ description: |-
+ type of service,the possible value for the service type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: string
type: object
serviceAccount:
@@ -6779,41 +7694,39 @@ spec:
description: (Optional) Tolerations for scheduling pods onto some
dedicated nodes
items:
- description: The pod this Toleration is attached to tolerates
- any taint that matches the triple using
- the matching operator .
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
properties:
effect:
- description: Effect indicates the taint effect to match.
- Empty means match all taint effects. When specified, allowed
- values are NoSchedule, PreferNoSchedule and NoExecute.
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
- description: Key is the taint key that the toleration applies
- to. Empty means match all taint keys. If the key is empty,
- operator must be Exists; this combination means to match
- all values and all keys.
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
- description: Operator represents a key's relationship to
- the value. Valid operators are Exists and Equal. Defaults
- to Equal. Exists is equivalent to wildcard for value,
- so that a pod can tolerate all taints of a particular
- category.
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
type: string
tolerationSeconds:
- description: TolerationSeconds represents the period of
- time the toleration (which must be of effect NoExecute,
- otherwise this field is ignored) tolerates the taint.
- By default, it is not set, which means tolerate the taint
- forever (do not evict). Zero and negative values will
- be treated as 0 (evict immediately) by the system.
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
- description: Value is the taint value the toleration matches
- to. If the operator is Exists, the value should be empty,
- otherwise just a regular string.
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
@@ -6829,8 +7742,9 @@ spec:
and failed pods.
properties:
accessService:
- description: DorisComponentStatus represents the status of a doris
- component. the name of fe service exposed for user.
+ description: |-
+ DorisComponentStatus represents the status of a doris component.
+ the name of fe service exposed for user.
type: string
componentCondition:
properties:
@@ -6879,8 +7793,9 @@ spec:
and failed pods.
properties:
accessService:
- description: DorisComponentStatus represents the status of a doris
- component. the name of fe service exposed for user.
+ description: |-
+ DorisComponentStatus represents the status of a doris component.
+ the name of fe service exposed for user.
type: string
componentCondition:
properties:
@@ -6929,8 +7844,9 @@ spec:
and failed pods.
properties:
accessService:
- description: DorisComponentStatus represents the status of a doris
- component. the name of fe service exposed for user.
+ description: |-
+ DorisComponentStatus represents the status of a doris component.
+ the name of fe service exposed for user.
type: string
componentCondition:
properties:
@@ -6989,8 +7905,9 @@ spec:
and failed pods.
properties:
accessService:
- description: DorisComponentStatus represents the status of a doris
- component. the name of fe service exposed for user.
+ description: |-
+ DorisComponentStatus represents the status of a doris component.
+ the name of fe service exposed for user.
type: string
componentCondition:
properties:
diff --git a/doc/api.md b/doc/api.md
index 5c140cf3..a013a121 100644
--- a/doc/api.md
+++ b/doc/api.md
@@ -347,19 +347,6 @@ example: if you want to use stream load
to load data into doris out
-fsGroup
-
-int64
-
- |
-
- A special supplemental group that applies to all containers in a pod.
-Some volume types allow the Kubelet to change the ownership of that volume
-to be owned by the pod:
- |
-
-
-
feAddress
@@ -546,6 +533,34 @@ SystemInitialization
SystemInitialization for fe, be and cn setting system parameters.
|
+
+
+securityContext
+
+
+Kubernetes core/v1.PodSecurityContext
+
+
+ |
+
+(Optional)
+ Security context for pod.
+ |
+
+
+
+containerSecurityContext
+
+
+Kubernetes core/v1.SecurityContext
+
+
+ |
+
+(Optional)
+ Security context for all containers running in the pod (unless they override it).
+ |
+
BeSpec
@@ -940,7 +955,10 @@ string
- the config info for start progress.
+ConfigMapName mapped the configuration files in the doris ‘conf/’ directory.
+such as ‘fe.conf’, ‘be.conf’. If HDFS access is involved, there may also be ‘core-site.xml’ and other files.
+doris-operator mounts these configuration files in the ‘/etc/doris’ directory by default.
+links them to the ‘conf/’ directory of the doris component through soft links.
|
@@ -951,8 +969,25 @@ string
- represents the key of configMap. for doris it refers to the config file name for start doris component.
-example: if deploy fe, the resolveKey = fe.conf, if deploy be resolveKey = be.conf, etc.
+(Optional)
+Deprecated: This configuration has been abandoned and will be cleared in version 1.7.0.
+It is currently forced to be ‘fe.conf’, ‘be.conf’, ‘apache_hdfs_broker.conf’
+It is no longer effective. the configuration content will not take effect.
+ |
+
+
+
+configMaps
+
+
+[]MountConfigMapInfo
+
+
+ |
+
+(Optional)
+ ConfigMaps can mount multiple configmaps to the specified path.
+The mounting path of configmap cannot be repeated.
|
@@ -2148,6 +2183,46 @@ Currently only valid for Resource metric source type
+MountConfigMapInfo
+
+
+(Appears on:ConfigMapInfo)
+
+
+
+
+
+
+Field |
+Description |
+
+
+
+
+
+configMapName
+
+string
+
+ |
+
+ name of configmap that needs to mount.
+ |
+
+
+
+mountPath
+
+string
+
+ |
+
+ Current ConfigMap Mount Path.
+If MountConfigMapInfo belongs to the same ConfigMapInfo, their MountPath cannot be repeated.
+ |
+
+
+
ObjectMetricSource
@@ -2487,5 +2562,5 @@ string
Generated with gen-crd-api-reference-docs
-on git commit 724621f
.
+on git commit 4e2ea72
.
diff --git a/helm-charts/doris-operator/crds/doris.selectdb.com_dorisclusters.yaml b/helm-charts/doris-operator/crds/doris.selectdb.com_dorisclusters.yaml
index 327a0551..b95507e5 100644
--- a/helm-charts/doris-operator/crds/doris.selectdb.com_dorisclusters.yaml
+++ b/helm-charts/doris-operator/crds/doris.selectdb.com_dorisclusters.yaml
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.11.3
- creationTimestamp: null
+ controller-gen.kubebuilder.io/version: v0.14.0
name: dorisclusters.doris.selectdb.com
spec:
group: doris.selectdb.com
@@ -36,14 +35,19 @@ spec:
description: DorisCluster is the Schema for the dorisclusters API
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -62,6 +66,11 @@ spec:
description: password, login to doris db.
type: string
type: object
+ authSecret:
+ description: |-
+ the name of secret that type is `kubernetes.io/basic-auth` and contains keys username, password for management doris node in cluster as fe, be register.
+ the password key is `password`. the username defaults to `root` and is omitempty.
+ type: string
beSpec:
description: defines the be cluster state pod that will be created
by operator.
@@ -74,22 +83,20 @@ spec:
the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node matches the corresponding matchExpressions;
- the node(s) with the highest sum are the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
items:
- description: An empty preferred scheduling term matches
- all objects with implicit weight 0 (i.e. it's a no-op).
- A null preferred scheduling term matches no objects
- (i.e. is also a no-op).
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
properties:
preference:
description: A node selector term, associated with
@@ -99,32 +106,26 @@ spec:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -137,32 +138,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -184,53 +179,46 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from
- its node.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
- description: A null or empty node selector term
- matches no objects. The requirements of them are
- ANDed. The TopologySelectorTerm type implements
- a subset of the NodeSelectorTerm.
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -243,32 +231,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -291,18 +273,16 @@ spec:
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -321,30 +301,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -356,53 +331,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -414,42 +381,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -458,23 +420,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to a pod label update),
- the system may or may not try to eventually evict the
- pod from its node. When there are multiple elements,
- the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -485,28 +446,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -519,51 +476,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -576,33 +526,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -615,18 +561,16 @@ spec:
as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the anti-affinity expressions
- specified by this field, but it may choose a node that
- violates one or more of the expressions. The node that
- is most preferred is the one with the greatest sum of
- weights, i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -645,30 +589,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -680,53 +619,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -738,42 +669,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -782,23 +708,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements specified
- by this field are not met at scheduling time, the pod
- will not be scheduled onto the node. If the anti-affinity
- requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod
- label update), the system may or may not try to eventually
- evict the pod from its node. When there are multiple
- elements, the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -809,28 +734,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -843,51 +764,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -900,33 +814,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -941,17 +851,24 @@ spec:
for collect to monitor system.
type: object
claims:
- description: "Claims lists the names of resources, defined in
- spec.resourceClaims, that are used by this container. \n This
- is an alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one entry in pod.spec.resourceClaims
- of the Pod where this field is used. It makes that resource
- available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -964,11 +881,205 @@ spec:
description: the reference for cn configMap.
properties:
configMapName:
- description: the config info for start progress.
+ description: |-
+ ConfigMapName mapped the configuration files in the doris 'conf/' directory.
+ such as 'fe.conf', 'be.conf'. If HDFS access is involved, there may also be 'core-site.xml' and other files.
+ doris-operator mounts these configuration files in the '/etc/doris' directory by default.
+ links them to the 'conf/' directory of the doris component through soft links.
type: string
+ configMaps:
+ description: |-
+ ConfigMaps can mount multiple configmaps to the specified path.
+ The mounting path of configmap cannot be repeated.
+ items:
+ properties:
+ configMapName:
+ description: name of configmap that needs to mount.
+ type: string
+ mountPath:
+ description: |-
+ Current ConfigMap Mount Path.
+ If MountConfigMapInfo belongs to the same ConfigMapInfo, their MountPath cannot be repeated.
+ type: string
+ type: object
+ type: array
resolveKey:
- description: the config response key in configmap.
+ description: |-
+ Deprecated: This configuration has been abandoned and will be cleared in version 1.7.0.
+ It is currently forced to be 'fe.conf', 'be.conf', 'apache_hdfs_broker.conf'
+ It is no longer effective. the configuration content will not take effect.
+ type: string
+ type: object
+ containerSecurityContext:
+ description: Security context for all containers running in the
+ pod (unless they override it).
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
type: object
envVars:
description: cnEnvVars is a slice of environment variables that
@@ -982,15 +1093,16 @@ spec:
C_IDENTIFIER.
type: string
value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in
- the container and any service environment variables. If
- a variable cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced to a single
- $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Defaults to "".'
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
@@ -1003,9 +1115,10 @@ spec:
description: The key to select.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
@@ -1016,11 +1129,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
fieldRef:
- description: 'Selects a field of the pod: supports metadata.name,
- metadata.namespace, `metadata.labels['''']`,
- `metadata.annotations['''']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs.'
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
@@ -1035,10 +1146,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
@@ -1068,9 +1178,10 @@ spec:
be a valid secret key.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
@@ -1107,19 +1218,14 @@ spec:
type: integer
type: object
type: object
- fsGroup:
- description: 'A special supplemental group that applies to all
- containers in a pod. Some volume types allow the Kubelet to
- change the ownership of that volume to be owned by the pod:'
- format: int64
- type: integer
hostAliases:
- description: HostAliases is an optional list of hosts and IPs
- that will be injected into the pod's hosts file if specified.
- This is only valid for non-hostNetwork pods.
+ description: |-
+ HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+ file if specified. This is only valid for non-hostNetwork pods.
items:
- description: HostAlias holds the mapping between IP and hostnames
- that will be injected as an entry in the pod's hosts file.
+ description: |-
+ HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+ pod's hosts file.
properties:
hostnames:
description: Hostnames for the above IP address.
@@ -1135,18 +1241,20 @@ spec:
description: Image for a doris cn deployment.
type: string
imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of references
- to secrets in the same namespace to use for pulling any of the
- images used by this PodSpec. If specified, these secrets will
- be passed to individual puller implementations for them to use.
- More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -1158,8 +1266,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
nodeSelector:
additionalProperties:
@@ -1183,28 +1292,27 @@ spec:
spec about storage that pods are required.
properties:
accessModes:
- description: 'accessModes contains the desired access
- modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
items:
type: string
type: array
dataSource:
- description: 'dataSource field can be used to specify
- either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) If the provisioner
- or an external controller can support the specified
- data source, it will create a new volume based on
- the contents of the specified data source. When the
- AnyVolumeDataSource feature gate is enabled, dataSource
- contents will be copied to dataSourceRef, and dataSourceRef
- contents will be copied to dataSource when dataSourceRef.namespace
- is not specified. If the namespace is specified, then
- dataSourceRef will not be copied to dataSource.'
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -1221,40 +1329,35 @@ spec:
type: object
x-kubernetes-map-type: atomic
dataSourceRef:
- description: 'dataSourceRef specifies the object from
- which to populate the volume with data, if a non-empty
- volume is desired. This may be any object from a non-empty
- API group (non core object) or a PersistentVolumeClaim
- object. When this field is specified, volume binding
- will only succeed if the type of the specified object
- matches some installed volume populator or dynamic
- provisioner. This field will replace the functionality
- of the dataSource field and as such if both fields
- are non-empty, they must have the same value. For
- backwards compatibility, when namespace isn''t specified
- in dataSourceRef, both fields (dataSource and dataSourceRef)
- will be set to the same value automatically if one
- of them is empty and the other is non-empty. When
- namespace is specified in dataSourceRef, dataSource
- isn''t set to the same value and must be empty. There
- are three important differences between dataSource
- and dataSourceRef: * While dataSource only allows
- two specific types of objects, dataSourceRef allows
- any non-core object, as well as PersistentVolumeClaim
- objects. * While dataSource ignores disallowed values
- (dropping them), dataSourceRef preserves all values,
- and generates an error if a disallowed value is specified.
- * While dataSource only allows local objects, dataSourceRef
- allows objects in any namespaces. (Beta) Using this
- field requires the AnyVolumeDataSource feature gate
- to be enabled. (Alpha) Using the namespace field of
- dataSourceRef requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.'
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -1266,42 +1369,43 @@ spec:
referenced
type: string
namespace:
- description: Namespace is the namespace of resource
- being referenced Note that when a namespace is
- specified, a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent namespace to
- allow that namespace's owner to accept the reference.
- See the ReferenceGrant documentation for details.
- (Alpha) This field requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
type: string
required:
- kind
- name
type: object
resources:
- description: 'resources represents the minimum resources
- the volume should have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed to specify resource
- requirements that are lower than previous value but
- must still be higher than capacity recorded in the
- status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
properties:
claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field and
- requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one
- entry in pod.spec.resourceClaims of the
- Pod where this field is used. It makes that
- resource available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -1317,8 +1421,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -1327,11 +1432,11 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount
- of compute resources required. If Requests is
- omitted for a container, it defaults to Limits
- if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
selector:
@@ -1342,26 +1447,25 @@ spec:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
- description: A label selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the
- values array must be empty. This array is
- replaced during a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -1373,23 +1477,22 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value". The
- requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
storageClassName:
- description: 'storageClassName is the name of the StorageClass
- required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
type: string
volumeMode:
- description: volumeMode defines what type of volume
- is required by the claim. Value of Filesystem is implied
- when not included in claim spec.
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
type: string
volumeName:
description: volumeName is the binding reference to
@@ -1418,24 +1521,210 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ securityContext:
+ description: Security context for pod.
+ properties:
+ fsGroup:
+ description: |-
+ A special supplemental group that applies to all containers in a pod.
+ Some volume types allow the Kubelet to change the ownership of that volume
+ to be owned by the pod:
+
+
+ 1. The owning GID will be the FSGroup
+ 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw----
+
+
+ If unset, the Kubelet will not modify the ownership and permissions of any volume.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: |-
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will only apply to
+ volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir.
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: |-
+ A list of groups applied to the first process run in each container, in addition
+ to the container's primary GID, the fsGroup (if specified), and group memberships
+ defined in the container image for the uid of the container process. If unspecified,
+ no additional groups are added to any container. Note that group memberships
+ defined in the container image for the uid of the container process are still effective,
+ even if they are not included in this list.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: |-
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
type: object
service:
- description: expose the be listen ports
+ description: |-
+ expose doris components for accessing.
+ example: if you want to use `stream load` to load data into doris out k8s, you can use be service and config different service type for loading data.
properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations for using function on different cloud
+ platform.
+ type: object
loadBalancerIP:
- description: 'Only applies to Service Type: LoadBalancer.
- This feature depends on whether the underlying cloud-provider
- supports specifying the loadBalancerIP when a load balancer
- is created. This field will be ignored if the cloud-provider
- does not support the feature. This field was under-specified
- and its meaning varies across implementations, and it cannot
- support dual-stack. As of Kubernetes v1.24, users are encouraged
- to use implementation-specific annotations when available.
- This field may be removed in a future API version.'
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ This field was under-specified and its meaning varies across implementations,
+ and it cannot support dual-stack.
+ As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available.
+ This field may be removed in a future API version.
type: string
servicePorts:
description: ServicePort config service for NodePort access
@@ -1444,37 +1733,37 @@ spec:
description: DorisServicePort for ServiceType=NodePort situation.
properties:
nodePort:
- description: 'The port on each node on which this service
- is exposed when type is NodePort or LoadBalancer. Usually
- assigned by the system. If a value is specified, in-range,
- and not in use it will be used, otherwise the operation
- will fail. If not specified, a port will be allocated
- if this Service requires one. If this field is specified
- when creating a Service which does not need it, creation
- will fail. This field will be wiped when updating
- a Service to no longer need it (e.g. changing type
- from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- need in 30000-32767'
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ need in 30000-32767
format: int32
type: integer
targetPort:
- description: 'Number or name of the port to access on
- the pods targeted by the service. Number must be in
- the range 1 to 65535. Name must be an IANA_SVC_NAME.
- If this is a string, it will be looked up as a named
- port in the target Pod''s container ports. If this
- is not specified, the value of the ''port'' field
- is used (an identity map). This field is ignored for
- services with clusterIP=None, and should be omitted
- or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
format: int32
type: integer
type: object
type: array
type:
- description: 'type of service,the possible value for the service
- type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
- More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ description: |-
+ type of service,the possible value for the service type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: string
type: object
serviceAccount:
@@ -1502,41 +1791,39 @@ spec:
description: (Optional) Tolerations for scheduling pods onto some
dedicated nodes
items:
- description: The pod this Toleration is attached to tolerates
- any taint that matches the triple using
- the matching operator .
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
properties:
effect:
- description: Effect indicates the taint effect to match.
- Empty means match all taint effects. When specified, allowed
- values are NoSchedule, PreferNoSchedule and NoExecute.
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
- description: Key is the taint key that the toleration applies
- to. Empty means match all taint keys. If the key is empty,
- operator must be Exists; this combination means to match
- all values and all keys.
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
- description: Operator represents a key's relationship to
- the value. Valid operators are Exists and Equal. Defaults
- to Equal. Exists is equivalent to wildcard for value,
- so that a pod can tolerate all taints of a particular
- category.
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
type: string
tolerationSeconds:
- description: TolerationSeconds represents the period of
- time the toleration (which must be of effect NoExecute,
- otherwise this field is ignored) tolerates the taint.
- By default, it is not set, which means tolerate the taint
- forever (do not evict). Zero and negative values will
- be treated as 0 (evict immediately) by the system.
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
- description: Value is the taint value the toleration matches
- to. If the operator is Exists, the value should be empty,
- otherwise just a regular string.
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
@@ -1554,22 +1841,20 @@ spec:
the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node matches the corresponding matchExpressions;
- the node(s) with the highest sum are the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
items:
- description: An empty preferred scheduling term matches
- all objects with implicit weight 0 (i.e. it's a no-op).
- A null preferred scheduling term matches no objects
- (i.e. is also a no-op).
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
properties:
preference:
description: A node selector term, associated with
@@ -1579,32 +1864,26 @@ spec:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -1617,32 +1896,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -1664,53 +1937,46 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from
- its node.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
- description: A null or empty node selector term
- matches no objects. The requirements of them are
- ANDed. The TopologySelectorTerm type implements
- a subset of the NodeSelectorTerm.
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -1723,32 +1989,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -1771,18 +2031,16 @@ spec:
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -1801,30 +2059,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -1836,53 +2089,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -1894,42 +2139,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -1938,23 +2178,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to a pod label update),
- the system may or may not try to eventually evict the
- pod from its node. When there are multiple elements,
- the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -1965,28 +2204,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -1999,51 +2234,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -2056,33 +2284,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -2095,18 +2319,16 @@ spec:
as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the anti-affinity expressions
- specified by this field, but it may choose a node that
- violates one or more of the expressions. The node that
- is most preferred is the one with the greatest sum of
- weights, i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -2125,30 +2347,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -2160,53 +2377,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -2218,42 +2427,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -2262,23 +2466,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements specified
- by this field are not met at scheduling time, the pod
- will not be scheduled onto the node. If the anti-affinity
- requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod
- label update), the system may or may not try to eventually
- evict the pod from its node. When there are multiple
- elements, the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -2289,28 +2492,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -2323,51 +2522,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -2380,33 +2572,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -2421,17 +2609,24 @@ spec:
for collect to monitor system.
type: object
claims:
- description: "Claims lists the names of resources, defined in
- spec.resourceClaims, that are used by this container. \n This
- is an alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one entry in pod.spec.resourceClaims
- of the Pod where this field is used. It makes that resource
- available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -2444,11 +2639,205 @@ spec:
description: the reference for cn configMap.
properties:
configMapName:
- description: the config info for start progress.
+ description: |-
+ ConfigMapName mapped the configuration files in the doris 'conf/' directory.
+ such as 'fe.conf', 'be.conf'. If HDFS access is involved, there may also be 'core-site.xml' and other files.
+ doris-operator mounts these configuration files in the '/etc/doris' directory by default.
+ links them to the 'conf/' directory of the doris component through soft links.
type: string
+ configMaps:
+ description: |-
+ ConfigMaps can mount multiple configmaps to the specified path.
+ The mounting path of configmap cannot be repeated.
+ items:
+ properties:
+ configMapName:
+ description: name of configmap that needs to mount.
+ type: string
+ mountPath:
+ description: |-
+ Current ConfigMap Mount Path.
+ If MountConfigMapInfo belongs to the same ConfigMapInfo, their MountPath cannot be repeated.
+ type: string
+ type: object
+ type: array
resolveKey:
- description: the config response key in configmap.
+ description: |-
+ Deprecated: This configuration has been abandoned and will be cleared in version 1.7.0.
+ It is currently forced to be 'fe.conf', 'be.conf', 'apache_hdfs_broker.conf'
+ It is no longer effective. the configuration content will not take effect.
+ type: string
+ type: object
+ containerSecurityContext:
+ description: Security context for all containers running in the
+ pod (unless they override it).
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
type: object
envVars:
description: cnEnvVars is a slice of environment variables that
@@ -2462,15 +2851,16 @@ spec:
C_IDENTIFIER.
type: string
value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in
- the container and any service environment variables. If
- a variable cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced to a single
- $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Defaults to "".'
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
@@ -2483,9 +2873,10 @@ spec:
description: The key to select.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
@@ -2496,11 +2887,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
fieldRef:
- description: 'Selects a field of the pod: supports metadata.name,
- metadata.namespace, `metadata.labels['''']`,
- `metadata.annotations['''']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs.'
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
@@ -2515,10 +2904,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
@@ -2548,9 +2936,10 @@ spec:
be a valid secret key.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
@@ -2587,19 +2976,14 @@ spec:
type: integer
type: object
type: object
- fsGroup:
- description: 'A special supplemental group that applies to all
- containers in a pod. Some volume types allow the Kubelet to
- change the ownership of that volume to be owned by the pod:'
- format: int64
- type: integer
hostAliases:
- description: HostAliases is an optional list of hosts and IPs
- that will be injected into the pod's hosts file if specified.
- This is only valid for non-hostNetwork pods.
+ description: |-
+ HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+ file if specified. This is only valid for non-hostNetwork pods.
items:
- description: HostAlias holds the mapping between IP and hostnames
- that will be injected as an entry in the pod's hosts file.
+ description: |-
+ HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+ pod's hosts file.
properties:
hostnames:
description: Hostnames for the above IP address.
@@ -2615,27 +2999,29 @@ spec:
description: Image for a doris cn deployment.
type: string
imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of references
- to secrets in the same namespace to use for pulling any of the
- images used by this PodSpec. If specified, these secrets will
- be passed to individual puller implementations for them to use.
- More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
type: array
kickOffAffinityBe:
- description: enable affinity with be , if kickoff affinity, the
- operator will set affinity on broker with be. The affinity is
- preferred not required. When the user custom affinity the switch
- does not take effect anymore.
+ description: |-
+ enable affinity with be , if kickoff affinity, the operator will set affinity on broker with be.
+ The affinity is preferred not required.
+ When the user custom affinity the switch does not take effect anymore.
type: boolean
limits:
additionalProperties:
@@ -2644,8 +3030,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
nodeSelector:
additionalProperties:
@@ -2669,28 +3056,27 @@ spec:
spec about storage that pods are required.
properties:
accessModes:
- description: 'accessModes contains the desired access
- modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
items:
type: string
type: array
dataSource:
- description: 'dataSource field can be used to specify
- either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) If the provisioner
- or an external controller can support the specified
- data source, it will create a new volume based on
- the contents of the specified data source. When the
- AnyVolumeDataSource feature gate is enabled, dataSource
- contents will be copied to dataSourceRef, and dataSourceRef
- contents will be copied to dataSource when dataSourceRef.namespace
- is not specified. If the namespace is specified, then
- dataSourceRef will not be copied to dataSource.'
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -2707,40 +3093,35 @@ spec:
type: object
x-kubernetes-map-type: atomic
dataSourceRef:
- description: 'dataSourceRef specifies the object from
- which to populate the volume with data, if a non-empty
- volume is desired. This may be any object from a non-empty
- API group (non core object) or a PersistentVolumeClaim
- object. When this field is specified, volume binding
- will only succeed if the type of the specified object
- matches some installed volume populator or dynamic
- provisioner. This field will replace the functionality
- of the dataSource field and as such if both fields
- are non-empty, they must have the same value. For
- backwards compatibility, when namespace isn''t specified
- in dataSourceRef, both fields (dataSource and dataSourceRef)
- will be set to the same value automatically if one
- of them is empty and the other is non-empty. When
- namespace is specified in dataSourceRef, dataSource
- isn''t set to the same value and must be empty. There
- are three important differences between dataSource
- and dataSourceRef: * While dataSource only allows
- two specific types of objects, dataSourceRef allows
- any non-core object, as well as PersistentVolumeClaim
- objects. * While dataSource ignores disallowed values
- (dropping them), dataSourceRef preserves all values,
- and generates an error if a disallowed value is specified.
- * While dataSource only allows local objects, dataSourceRef
- allows objects in any namespaces. (Beta) Using this
- field requires the AnyVolumeDataSource feature gate
- to be enabled. (Alpha) Using the namespace field of
- dataSourceRef requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.'
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -2752,42 +3133,43 @@ spec:
referenced
type: string
namespace:
- description: Namespace is the namespace of resource
- being referenced Note that when a namespace is
- specified, a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent namespace to
- allow that namespace's owner to accept the reference.
- See the ReferenceGrant documentation for details.
- (Alpha) This field requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
type: string
required:
- kind
- name
type: object
resources:
- description: 'resources represents the minimum resources
- the volume should have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed to specify resource
- requirements that are lower than previous value but
- must still be higher than capacity recorded in the
- status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
properties:
claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field and
- requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one
- entry in pod.spec.resourceClaims of the
- Pod where this field is used. It makes that
- resource available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -2803,8 +3185,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -2813,11 +3196,11 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount
- of compute resources required. If Requests is
- omitted for a container, it defaults to Limits
- if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
selector:
@@ -2828,26 +3211,25 @@ spec:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
- description: A label selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the
- values array must be empty. This array is
- replaced during a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -2859,23 +3241,22 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value". The
- requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
storageClassName:
- description: 'storageClassName is the name of the StorageClass
- required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
type: string
volumeMode:
- description: volumeMode defines what type of volume
- is required by the claim. Value of Filesystem is implied
- when not included in claim spec.
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
type: string
volumeName:
description: volumeName is the binding reference to
@@ -2904,24 +3285,210 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ securityContext:
+ description: Security context for pod.
+ properties:
+ fsGroup:
+ description: |-
+ A special supplemental group that applies to all containers in a pod.
+ Some volume types allow the Kubelet to change the ownership of that volume
+ to be owned by the pod:
+
+
+ 1. The owning GID will be the FSGroup
+ 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw----
+
+
+ If unset, the Kubelet will not modify the ownership and permissions of any volume.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: |-
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will only apply to
+ volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir.
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: |-
+ A list of groups applied to the first process run in each container, in addition
+ to the container's primary GID, the fsGroup (if specified), and group memberships
+ defined in the container image for the uid of the container process. If unspecified,
+ no additional groups are added to any container. Note that group memberships
+ defined in the container image for the uid of the container process are still effective,
+ even if they are not included in this list.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: |-
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
type: object
service:
- description: expose the be listen ports
+ description: |-
+ expose doris components for accessing.
+ example: if you want to use `stream load` to load data into doris out k8s, you can use be service and config different service type for loading data.
properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations for using function on different cloud
+ platform.
+ type: object
loadBalancerIP:
- description: 'Only applies to Service Type: LoadBalancer.
- This feature depends on whether the underlying cloud-provider
- supports specifying the loadBalancerIP when a load balancer
- is created. This field will be ignored if the cloud-provider
- does not support the feature. This field was under-specified
- and its meaning varies across implementations, and it cannot
- support dual-stack. As of Kubernetes v1.24, users are encouraged
- to use implementation-specific annotations when available.
- This field may be removed in a future API version.'
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ This field was under-specified and its meaning varies across implementations,
+ and it cannot support dual-stack.
+ As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available.
+ This field may be removed in a future API version.
type: string
servicePorts:
description: ServicePort config service for NodePort access
@@ -2930,37 +3497,37 @@ spec:
description: DorisServicePort for ServiceType=NodePort situation.
properties:
nodePort:
- description: 'The port on each node on which this service
- is exposed when type is NodePort or LoadBalancer. Usually
- assigned by the system. If a value is specified, in-range,
- and not in use it will be used, otherwise the operation
- will fail. If not specified, a port will be allocated
- if this Service requires one. If this field is specified
- when creating a Service which does not need it, creation
- will fail. This field will be wiped when updating
- a Service to no longer need it (e.g. changing type
- from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- need in 30000-32767'
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ need in 30000-32767
format: int32
type: integer
targetPort:
- description: 'Number or name of the port to access on
- the pods targeted by the service. Number must be in
- the range 1 to 65535. Name must be an IANA_SVC_NAME.
- If this is a string, it will be looked up as a named
- port in the target Pod''s container ports. If this
- is not specified, the value of the ''port'' field
- is used (an identity map). This field is ignored for
- services with clusterIP=None, and should be omitted
- or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
format: int32
type: integer
type: object
type: array
type:
- description: 'type of service,the possible value for the service
- type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
- More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ description: |-
+ type of service,the possible value for the service type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: string
type: object
serviceAccount:
@@ -2988,41 +3555,39 @@ spec:
description: (Optional) Tolerations for scheduling pods onto some
dedicated nodes
items:
- description: The pod this Toleration is attached to tolerates
- any taint that matches the triple using
- the matching operator .
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
properties:
effect:
- description: Effect indicates the taint effect to match.
- Empty means match all taint effects. When specified, allowed
- values are NoSchedule, PreferNoSchedule and NoExecute.
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
- description: Key is the taint key that the toleration applies
- to. Empty means match all taint keys. If the key is empty,
- operator must be Exists; this combination means to match
- all values and all keys.
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
- description: Operator represents a key's relationship to
- the value. Valid operators are Exists and Equal. Defaults
- to Equal. Exists is equivalent to wildcard for value,
- so that a pod can tolerate all taints of a particular
- category.
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
type: string
tolerationSeconds:
- description: TolerationSeconds represents the period of
- time the toleration (which must be of effect NoExecute,
- otherwise this field is ignored) tolerates the taint.
- By default, it is not set, which means tolerate the taint
- forever (do not evict). Zero and negative values will
- be treated as 0 (evict immediately) by the system.
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
- description: Value is the taint value the toleration matches
- to. If the operator is Exists, the value should be empty,
- otherwise just a regular string.
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
@@ -3041,22 +3606,20 @@ spec:
the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node matches the corresponding matchExpressions;
- the node(s) with the highest sum are the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
items:
- description: An empty preferred scheduling term matches
- all objects with implicit weight 0 (i.e. it's a no-op).
- A null preferred scheduling term matches no objects
- (i.e. is also a no-op).
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
properties:
preference:
description: A node selector term, associated with
@@ -3066,32 +3629,26 @@ spec:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -3104,32 +3661,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -3151,53 +3702,46 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from
- its node.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
- description: A null or empty node selector term
- matches no objects. The requirements of them are
- ANDed. The TopologySelectorTerm type implements
- a subset of the NodeSelectorTerm.
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -3210,32 +3754,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -3258,18 +3796,16 @@ spec:
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -3288,30 +3824,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -3323,53 +3854,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -3381,42 +3904,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -3425,23 +3943,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to a pod label update),
- the system may or may not try to eventually evict the
- pod from its node. When there are multiple elements,
- the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -3452,28 +3969,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -3486,51 +3999,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -3543,33 +4049,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -3582,18 +4084,16 @@ spec:
as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the anti-affinity expressions
- specified by this field, but it may choose a node that
- violates one or more of the expressions. The node that
- is most preferred is the one with the greatest sum of
- weights, i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -3612,30 +4112,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -3647,53 +4142,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -3705,42 +4192,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -3749,23 +4231,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements specified
- by this field are not met at scheduling time, the pod
- will not be scheduled onto the node. If the anti-affinity
- requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod
- label update), the system may or may not try to eventually
- evict the pod from its node. When there are multiple
- elements, the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -3776,28 +4257,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -3810,51 +4287,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -3867,33 +4337,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -3915,35 +4381,32 @@ spec:
v2.
properties:
behavior:
- description: HorizontalPodAutoscalerBehavior configures
- the scaling behavior of the target. the struct copy
- from k8s.io/api/autoscaling/v2beta2/types.go. the redundancy
- code will hide the restriction about HorizontalPodAutoscaler
- version and kubernetes releases matching issue. the
+ description: |-
+ HorizontalPodAutoscalerBehavior configures the scaling behavior of the target.
+ the struct copy from k8s.io/api/autoscaling/v2beta2/types.go. the redundancy code will hide the restriction about
+ HorizontalPodAutoscaler version and kubernetes releases matching issue.
+ the
properties:
scaleDown:
- description: scaleDown is scaling policy for scaling
- Down. If not set, the default value is to allow
- to scale down to minReplicas pods, with a 300 second
- stabilization window (i.e., the highest recommendation
- for the last 300sec is used).
+ description: |-
+ scaleDown is scaling policy for scaling Down.
+ If not set, the default value is to allow to scale down to minReplicas pods, with a
+ 300 second stabilization window (i.e., the highest recommendation for
+ the last 300sec is used).
properties:
policies:
- description: policies is a list of potential scaling
- polices which can be used during scaling. At
- least one policy must be specified, otherwise
- the HPAScalingRules will be discarded as invalid
+ description: |-
+ policies is a list of potential scaling polices which can be used during scaling.
+ At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
items:
description: HPAScalingPolicy is a single policy
which must hold true for a specified past
interval.
properties:
periodSeconds:
- description: PeriodSeconds specifies the
- window of time for which the policy should
- hold true. PeriodSeconds must be greater
- than zero and less than or equal to 1800
- (30 min).
+ description: |-
+ PeriodSeconds specifies the window of time for which the policy should hold true.
+ PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
format: int32
type: integer
type:
@@ -3951,8 +4414,8 @@ spec:
scaling policy.
type: string
value:
- description: Value contains the amount of
- change which is permitted by the policy.
+ description: |-
+ Value contains the amount of change which is permitted by the policy.
It must be greater than zero
format: int32
type: integer
@@ -3963,46 +4426,42 @@ spec:
type: object
type: array
selectPolicy:
- description: selectPolicy is used to specify which
- policy should be used. If not set, the default
- value MaxPolicySelect is used.
+ description: |-
+ selectPolicy is used to specify which policy should be used.
+ If not set, the default value MaxPolicySelect is used.
type: string
stabilizationWindowSeconds:
- description: 'StabilizationWindowSeconds is the
- number of seconds for which past recommendations
- should be considered while scaling up or scaling
- down. StabilizationWindowSeconds must be greater
- than or equal to zero and less than or equal
- to 3600 (one hour). If not set, use the default
- values: - For scale up: 0 (i.e. no stabilization
- is done). - For scale down: 300 (i.e. the stabilization
- window is 300 seconds long).'
+ description: |-
+ StabilizationWindowSeconds is the number of seconds for which past recommendations should be
+ considered while scaling up or scaling down.
+ StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour).
+ If not set, use the default values:
+ - For scale up: 0 (i.e. no stabilization is done).
+ - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
format: int32
type: integer
type: object
scaleUp:
- description: 'scaleUp is scaling policy for scaling
- Up. If not set, the default value is the higher
- of: * increase no more than 4 pods per 60 seconds
- * double the number of pods per 60 seconds No stabilization
- is used.'
+ description: |-
+ scaleUp is scaling policy for scaling Up.
+ If not set, the default value is the higher of:
+ * increase no more than 4 pods per 60 seconds
+ * double the number of pods per 60 seconds
+ No stabilization is used.
properties:
policies:
- description: policies is a list of potential scaling
- polices which can be used during scaling. At
- least one policy must be specified, otherwise
- the HPAScalingRules will be discarded as invalid
+ description: |-
+ policies is a list of potential scaling polices which can be used during scaling.
+ At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
items:
description: HPAScalingPolicy is a single policy
which must hold true for a specified past
interval.
properties:
periodSeconds:
- description: PeriodSeconds specifies the
- window of time for which the policy should
- hold true. PeriodSeconds must be greater
- than zero and less than or equal to 1800
- (30 min).
+ description: |-
+ PeriodSeconds specifies the window of time for which the policy should hold true.
+ PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
format: int32
type: integer
type:
@@ -4010,8 +4469,8 @@ spec:
scaling policy.
type: string
value:
- description: Value contains the amount of
- change which is permitted by the policy.
+ description: |-
+ Value contains the amount of change which is permitted by the policy.
It must be greater than zero
format: int32
type: integer
@@ -4022,47 +4481,41 @@ spec:
type: object
type: array
selectPolicy:
- description: selectPolicy is used to specify which
- policy should be used. If not set, the default
- value MaxPolicySelect is used.
+ description: |-
+ selectPolicy is used to specify which policy should be used.
+ If not set, the default value MaxPolicySelect is used.
type: string
stabilizationWindowSeconds:
- description: 'StabilizationWindowSeconds is the
- number of seconds for which past recommendations
- should be considered while scaling up or scaling
- down. StabilizationWindowSeconds must be greater
- than or equal to zero and less than or equal
- to 3600 (one hour). If not set, use the default
- values: - For scale up: 0 (i.e. no stabilization
- is done). - For scale down: 300 (i.e. the stabilization
- window is 300 seconds long).'
+ description: |-
+ StabilizationWindowSeconds is the number of seconds for which past recommendations should be
+ considered while scaling up or scaling down.
+ StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour).
+ If not set, use the default values:
+ - For scale up: 0 (i.e. no stabilization is done).
+ - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
format: int32
type: integer
type: object
type: object
metrics:
- description: Metrics specifies how to scale based on a
- single metric the struct copy from k8s.io/api/autoscaling/v2beta2/types.go.
- the redundancy code will hide the restriction about
- HorizontalPodAutoscaler version and kubernetes releases
- matching issue. the splice will have unsafe.Pointer
- convert, so be careful to edit the struct fileds.
+ description: |-
+ Metrics specifies how to scale based on a single metric
+ the struct copy from k8s.io/api/autoscaling/v2beta2/types.go. the redundancy code will hide the restriction about
+ HorizontalPodAutoscaler version and kubernetes releases matching issue.
+ the splice will have unsafe.Pointer convert, so be careful to edit the struct fileds.
items:
- description: MetricSpec specifies how to scale based
- on a single metric (only `type` and one other matching
- field should be set at once).
+ description: |-
+ MetricSpec specifies how to scale based on a single metric
+ (only `type` and one other matching field should be set at once).
properties:
containerResource:
- description: container resource refers to a resource
- metric (such as those specified in requests and
- limits) known to Kubernetes describing a single
- container in each pod of the current scale target
- (e.g. CPU or memory). Such metrics are built in
- to Kubernetes, and have special scaling options
- on top of those available to normal per-pod metrics
- using the "pods" source. This is an alpha feature
- and can be enabled by the HPAContainerMetrics
- feature flag.
+ description: |-
+ container resource refers to a resource metric (such as those specified in
+ requests and limits) known to Kubernetes describing a single container in
+ each pod of the current scale target (e.g. CPU or memory). Such metrics are
+ built in to Kubernetes, and have special scaling options on top of those
+ available to normal per-pod metrics using the "pods" source.
+ This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag.
properties:
container:
description: container is the name of the container
@@ -4077,22 +4530,20 @@ spec:
for the given metric
properties:
averageUtilization:
- description: averageUtilization is the target
- value of the average of the resource metric
- across all relevant pods, represented
- as a percentage of the requested value
- of the resource for the pods. Currently
- only valid for Resource metric source
- type
+ description: |-
+ averageUtilization is the target value of the average of the
+ resource metric across all relevant pods, represented as a percentage of
+ the requested value of the resource for the pods.
+ Currently only valid for Resource metric source type
format: int32
type: integer
averageValue:
anyOf:
- type: integer
- type: string
- description: averageValue is the target
- value of the average of the metric across
- all relevant pods (as a quantity)
+ description: |-
+ averageValue is the target value of the average of the
+ metric across all relevant pods (as a quantity)
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type:
@@ -4117,12 +4568,12 @@ spec:
- target
type: object
external:
- description: external refers to a global metric
- that is not associated with any Kubernetes object.
- It allows autoscaling based on information coming
- from components running outside of cluster (for
- example length of queue in cloud messaging service,
- or QPS from loadbalancer running outside of cluster).
+ description: |-
+ external refers to a global metric that is not associated
+ with any Kubernetes object. It allows autoscaling based on information
+ coming from components running outside of cluster
+ (for example length of queue in cloud messaging service, or
+ QPS from loadbalancer running outside of cluster).
properties:
metric:
description: metric identifies the target metric
@@ -4133,23 +4584,19 @@ spec:
metric
type: string
selector:
- description: selector is the string-encoded
- form of a standard kubernetes label selector
- for the given metric When set, it is passed
- as an additional parameter to the metrics
- server for more specific metrics scoping.
- When unset, just the metricName will be
- used to gather metrics.
+ description: |-
+ selector is the string-encoded form of a standard kubernetes label selector for the given metric
+ When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
+ When unset, just the metricName will be used to gather metrics.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label
@@ -4157,20 +4604,16 @@ spec:
to.
type: string
operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -4182,14 +4625,10 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
@@ -4201,22 +4640,20 @@ spec:
for the given metric
properties:
averageUtilization:
- description: averageUtilization is the target
- value of the average of the resource metric
- across all relevant pods, represented
- as a percentage of the requested value
- of the resource for the pods. Currently
- only valid for Resource metric source
- type
+ description: |-
+ averageUtilization is the target value of the average of the
+ resource metric across all relevant pods, represented as a percentage of
+ the requested value of the resource for the pods.
+ Currently only valid for Resource metric source type
format: int32
type: integer
averageValue:
anyOf:
- type: integer
- type: string
- description: averageValue is the target
- value of the average of the metric across
- all relevant pods (as a quantity)
+ description: |-
+ averageValue is the target value of the average of the
+ metric across all relevant pods (as a quantity)
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type:
@@ -4240,9 +4677,9 @@ spec:
- target
type: object
object:
- description: object refers to a metric describing
- a single kubernetes object (for example, hits-per-second
- on an Ingress object).
+ description: |-
+ object refers to a metric describing a single kubernetes object
+ (for example, hits-per-second on an Ingress object).
properties:
describedObject:
description: CrossVersionObjectReference contains
@@ -4273,23 +4710,19 @@ spec:
metric
type: string
selector:
- description: selector is the string-encoded
- form of a standard kubernetes label selector
- for the given metric When set, it is passed
- as an additional parameter to the metrics
- server for more specific metrics scoping.
- When unset, just the metricName will be
- used to gather metrics.
+ description: |-
+ selector is the string-encoded form of a standard kubernetes label selector for the given metric
+ When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
+ When unset, just the metricName will be used to gather metrics.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label
@@ -4297,20 +4730,16 @@ spec:
to.
type: string
operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -4322,14 +4751,10 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
@@ -4341,22 +4766,20 @@ spec:
for the given metric
properties:
averageUtilization:
- description: averageUtilization is the target
- value of the average of the resource metric
- across all relevant pods, represented
- as a percentage of the requested value
- of the resource for the pods. Currently
- only valid for Resource metric source
- type
+ description: |-
+ averageUtilization is the target value of the average of the
+ resource metric across all relevant pods, represented as a percentage of
+ the requested value of the resource for the pods.
+ Currently only valid for Resource metric source type
format: int32
type: integer
averageValue:
anyOf:
- type: integer
- type: string
- description: averageValue is the target
- value of the average of the metric across
- all relevant pods (as a quantity)
+ description: |-
+ averageValue is the target value of the average of the
+ metric across all relevant pods (as a quantity)
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type:
@@ -4381,11 +4804,10 @@ spec:
- target
type: object
pods:
- description: pods refers to a metric describing
- each pod in the current scale target (for example,
- transactions-processed-per-second). The values
- will be averaged together before being compared
- to the target value.
+ description: |-
+ pods refers to a metric describing each pod in the current scale target
+ (for example, transactions-processed-per-second). The values will be
+ averaged together before being compared to the target value.
properties:
metric:
description: metric identifies the target metric
@@ -4396,23 +4818,19 @@ spec:
metric
type: string
selector:
- description: selector is the string-encoded
- form of a standard kubernetes label selector
- for the given metric When set, it is passed
- as an additional parameter to the metrics
- server for more specific metrics scoping.
- When unset, just the metricName will be
- used to gather metrics.
+ description: |-
+ selector is the string-encoded form of a standard kubernetes label selector for the given metric
+ When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
+ When unset, just the metricName will be used to gather metrics.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label
@@ -4420,20 +4838,16 @@ spec:
to.
type: string
operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -4445,14 +4859,10 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
@@ -4464,22 +4874,20 @@ spec:
for the given metric
properties:
averageUtilization:
- description: averageUtilization is the target
- value of the average of the resource metric
- across all relevant pods, represented
- as a percentage of the requested value
- of the resource for the pods. Currently
- only valid for Resource metric source
- type
+ description: |-
+ averageUtilization is the target value of the average of the
+ resource metric across all relevant pods, represented as a percentage of
+ the requested value of the resource for the pods.
+ Currently only valid for Resource metric source type
format: int32
type: integer
averageValue:
anyOf:
- type: integer
- type: string
- description: averageValue is the target
- value of the average of the metric across
- all relevant pods (as a quantity)
+ description: |-
+ averageValue is the target value of the average of the
+ metric across all relevant pods (as a quantity)
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type:
@@ -4503,13 +4911,12 @@ spec:
- target
type: object
resource:
- description: resource refers to a resource metric
- (such as those specified in requests and limits)
- known to Kubernetes describing each pod in the
- current scale target (e.g. CPU or memory). Such
- metrics are built in to Kubernetes, and have special
- scaling options on top of those available to normal
- per-pod metrics using the "pods" source.
+ description: |-
+ resource refers to a resource metric (such as those specified in
+ requests and limits) known to Kubernetes describing each pod in the
+ current scale target (e.g. CPU or memory). Such metrics are built in to
+ Kubernetes, and have special scaling options on top of those available
+ to normal per-pod metrics using the "pods" source.
properties:
name:
description: name is the name of the resource
@@ -4520,22 +4927,20 @@ spec:
for the given metric
properties:
averageUtilization:
- description: averageUtilization is the target
- value of the average of the resource metric
- across all relevant pods, represented
- as a percentage of the requested value
- of the resource for the pods. Currently
- only valid for Resource metric source
- type
+ description: |-
+ averageUtilization is the target value of the average of the
+ resource metric across all relevant pods, represented as a percentage of
+ the requested value of the resource for the pods.
+ Currently only valid for Resource metric source type
format: int32
type: integer
averageValue:
anyOf:
- type: integer
- type: string
- description: averageValue is the target
- value of the average of the metric across
- all relevant pods (as a quantity)
+ description: |-
+ averageValue is the target value of the average of the
+ metric across all relevant pods (as a quantity)
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type:
@@ -4559,12 +4964,11 @@ spec:
- target
type: object
type:
- description: 'type is the type of metric source. It
- should be one of "ContainerResource", "External",
- "Object", "Pods" or "Resource", each mapping to
- a matching field in the object. Note: "ContainerResource"
- type is available on when the feature-gate HPAContainerMetrics
- is enabled'
+ description: |-
+ type is the type of metric source. It should be one of "ContainerResource", "External",
+ "Object", "Pods" or "Resource", each mapping to a matching field in the object.
+ Note: "ContainerResource" type is available on when the feature-gate
+ HPAContainerMetrics is enabled
type: string
required:
- type
@@ -4586,17 +4990,24 @@ spec:
type: string
type: object
claims:
- description: "Claims lists the names of resources, defined in
- spec.resourceClaims, that are used by this container. \n This
- is an alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one entry in pod.spec.resourceClaims
- of the Pod where this field is used. It makes that resource
- available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -4609,11 +5020,205 @@ spec:
description: the reference for cn configMap.
properties:
configMapName:
- description: the config info for start progress.
+ description: |-
+ ConfigMapName mapped the configuration files in the doris 'conf/' directory.
+ such as 'fe.conf', 'be.conf'. If HDFS access is involved, there may also be 'core-site.xml' and other files.
+ doris-operator mounts these configuration files in the '/etc/doris' directory by default.
+ links them to the 'conf/' directory of the doris component through soft links.
type: string
+ configMaps:
+ description: |-
+ ConfigMaps can mount multiple configmaps to the specified path.
+ The mounting path of configmap cannot be repeated.
+ items:
+ properties:
+ configMapName:
+ description: name of configmap that needs to mount.
+ type: string
+ mountPath:
+ description: |-
+ Current ConfigMap Mount Path.
+ If MountConfigMapInfo belongs to the same ConfigMapInfo, their MountPath cannot be repeated.
+ type: string
+ type: object
+ type: array
resolveKey:
- description: the config response key in configmap.
+ description: |-
+ Deprecated: This configuration has been abandoned and will be cleared in version 1.7.0.
+ It is currently forced to be 'fe.conf', 'be.conf', 'apache_hdfs_broker.conf'
+ It is no longer effective. the configuration content will not take effect.
+ type: string
+ type: object
+ containerSecurityContext:
+ description: Security context for all containers running in the
+ pod (unless they override it).
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
type: object
envVars:
description: cnEnvVars is a slice of environment variables that
@@ -4627,15 +5232,16 @@ spec:
C_IDENTIFIER.
type: string
value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in
- the container and any service environment variables. If
- a variable cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced to a single
- $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Defaults to "".'
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
@@ -4648,9 +5254,10 @@ spec:
description: The key to select.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
@@ -4661,11 +5268,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
fieldRef:
- description: 'Selects a field of the pod: supports metadata.name,
- metadata.namespace, `metadata.labels['''']`,
- `metadata.annotations['''']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs.'
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
@@ -4680,10 +5285,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
@@ -4713,9 +5317,10 @@ spec:
be a valid secret key.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
@@ -4752,19 +5357,14 @@ spec:
type: integer
type: object
type: object
- fsGroup:
- description: 'A special supplemental group that applies to all
- containers in a pod. Some volume types allow the Kubelet to
- change the ownership of that volume to be owned by the pod:'
- format: int64
- type: integer
hostAliases:
- description: HostAliases is an optional list of hosts and IPs
- that will be injected into the pod's hosts file if specified.
- This is only valid for non-hostNetwork pods.
+ description: |-
+ HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+ file if specified. This is only valid for non-hostNetwork pods.
items:
- description: HostAlias holds the mapping between IP and hostnames
- that will be injected as an entry in the pod's hosts file.
+ description: |-
+ HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+ pod's hosts file.
properties:
hostnames:
description: Hostnames for the above IP address.
@@ -4780,18 +5380,20 @@ spec:
description: Image for a doris cn deployment.
type: string
imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of references
- to secrets in the same namespace to use for pulling any of the
- images used by this PodSpec. If specified, these secrets will
- be passed to individual puller implementations for them to use.
- More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -4803,8 +5405,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
nodeSelector:
additionalProperties:
@@ -4828,28 +5431,27 @@ spec:
spec about storage that pods are required.
properties:
accessModes:
- description: 'accessModes contains the desired access
- modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
items:
type: string
type: array
dataSource:
- description: 'dataSource field can be used to specify
- either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) If the provisioner
- or an external controller can support the specified
- data source, it will create a new volume based on
- the contents of the specified data source. When the
- AnyVolumeDataSource feature gate is enabled, dataSource
- contents will be copied to dataSourceRef, and dataSourceRef
- contents will be copied to dataSource when dataSourceRef.namespace
- is not specified. If the namespace is specified, then
- dataSourceRef will not be copied to dataSource.'
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -4866,40 +5468,35 @@ spec:
type: object
x-kubernetes-map-type: atomic
dataSourceRef:
- description: 'dataSourceRef specifies the object from
- which to populate the volume with data, if a non-empty
- volume is desired. This may be any object from a non-empty
- API group (non core object) or a PersistentVolumeClaim
- object. When this field is specified, volume binding
- will only succeed if the type of the specified object
- matches some installed volume populator or dynamic
- provisioner. This field will replace the functionality
- of the dataSource field and as such if both fields
- are non-empty, they must have the same value. For
- backwards compatibility, when namespace isn''t specified
- in dataSourceRef, both fields (dataSource and dataSourceRef)
- will be set to the same value automatically if one
- of them is empty and the other is non-empty. When
- namespace is specified in dataSourceRef, dataSource
- isn''t set to the same value and must be empty. There
- are three important differences between dataSource
- and dataSourceRef: * While dataSource only allows
- two specific types of objects, dataSourceRef allows
- any non-core object, as well as PersistentVolumeClaim
- objects. * While dataSource ignores disallowed values
- (dropping them), dataSourceRef preserves all values,
- and generates an error if a disallowed value is specified.
- * While dataSource only allows local objects, dataSourceRef
- allows objects in any namespaces. (Beta) Using this
- field requires the AnyVolumeDataSource feature gate
- to be enabled. (Alpha) Using the namespace field of
- dataSourceRef requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.'
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -4911,42 +5508,43 @@ spec:
referenced
type: string
namespace:
- description: Namespace is the namespace of resource
- being referenced Note that when a namespace is
- specified, a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent namespace to
- allow that namespace's owner to accept the reference.
- See the ReferenceGrant documentation for details.
- (Alpha) This field requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
type: string
required:
- kind
- name
type: object
resources:
- description: 'resources represents the minimum resources
- the volume should have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed to specify resource
- requirements that are lower than previous value but
- must still be higher than capacity recorded in the
- status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
properties:
claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field and
- requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one
- entry in pod.spec.resourceClaims of the
- Pod where this field is used. It makes that
- resource available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -4962,8 +5560,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -4972,11 +5571,11 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount
- of compute resources required. If Requests is
- omitted for a container, it defaults to Limits
- if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
selector:
@@ -4987,26 +5586,25 @@ spec:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
- description: A label selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the
- values array must be empty. This array is
- replaced during a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -5018,23 +5616,22 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value". The
- requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
storageClassName:
- description: 'storageClassName is the name of the StorageClass
- required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
type: string
volumeMode:
- description: volumeMode defines what type of volume
- is required by the claim. Value of Filesystem is implied
- when not included in claim spec.
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
type: string
volumeName:
description: volumeName is the binding reference to
@@ -5063,24 +5660,210 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ securityContext:
+ description: Security context for pod.
+ properties:
+ fsGroup:
+ description: |-
+ A special supplemental group that applies to all containers in a pod.
+ Some volume types allow the Kubelet to change the ownership of that volume
+ to be owned by the pod:
+
+
+ 1. The owning GID will be the FSGroup
+ 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw----
+
+
+ If unset, the Kubelet will not modify the ownership and permissions of any volume.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: |-
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will only apply to
+ volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir.
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: |-
+ A list of groups applied to the first process run in each container, in addition
+ to the container's primary GID, the fsGroup (if specified), and group memberships
+ defined in the container image for the uid of the container process. If unspecified,
+ no additional groups are added to any container. Note that group memberships
+ defined in the container image for the uid of the container process are still effective,
+ even if they are not included in this list.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: |-
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
type: object
service:
- description: expose the be listen ports
+ description: |-
+ expose doris components for accessing.
+ example: if you want to use `stream load` to load data into doris out k8s, you can use be service and config different service type for loading data.
properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations for using function on different cloud
+ platform.
+ type: object
loadBalancerIP:
- description: 'Only applies to Service Type: LoadBalancer.
- This feature depends on whether the underlying cloud-provider
- supports specifying the loadBalancerIP when a load balancer
- is created. This field will be ignored if the cloud-provider
- does not support the feature. This field was under-specified
- and its meaning varies across implementations, and it cannot
- support dual-stack. As of Kubernetes v1.24, users are encouraged
- to use implementation-specific annotations when available.
- This field may be removed in a future API version.'
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ This field was under-specified and its meaning varies across implementations,
+ and it cannot support dual-stack.
+ As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available.
+ This field may be removed in a future API version.
type: string
servicePorts:
description: ServicePort config service for NodePort access
@@ -5089,37 +5872,37 @@ spec:
description: DorisServicePort for ServiceType=NodePort situation.
properties:
nodePort:
- description: 'The port on each node on which this service
- is exposed when type is NodePort or LoadBalancer. Usually
- assigned by the system. If a value is specified, in-range,
- and not in use it will be used, otherwise the operation
- will fail. If not specified, a port will be allocated
- if this Service requires one. If this field is specified
- when creating a Service which does not need it, creation
- will fail. This field will be wiped when updating
- a Service to no longer need it (e.g. changing type
- from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- need in 30000-32767'
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ need in 30000-32767
format: int32
type: integer
targetPort:
- description: 'Number or name of the port to access on
- the pods targeted by the service. Number must be in
- the range 1 to 65535. Name must be an IANA_SVC_NAME.
- If this is a string, it will be looked up as a named
- port in the target Pod''s container ports. If this
- is not specified, the value of the ''port'' field
- is used (an identity map). This field is ignored for
- services with clusterIP=None, and should be omitted
- or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
format: int32
type: integer
type: object
type: array
type:
- description: 'type of service,the possible value for the service
- type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
- More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ description: |-
+ type of service,the possible value for the service type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: string
type: object
serviceAccount:
@@ -5147,41 +5930,39 @@ spec:
description: (Optional) Tolerations for scheduling pods onto some
dedicated nodes
items:
- description: The pod this Toleration is attached to tolerates
- any taint that matches the triple using
- the matching operator .
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
properties:
effect:
- description: Effect indicates the taint effect to match.
- Empty means match all taint effects. When specified, allowed
- values are NoSchedule, PreferNoSchedule and NoExecute.
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
- description: Key is the taint key that the toleration applies
- to. Empty means match all taint keys. If the key is empty,
- operator must be Exists; this combination means to match
- all values and all keys.
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
- description: Operator represents a key's relationship to
- the value. Valid operators are Exists and Equal. Defaults
- to Equal. Exists is equivalent to wildcard for value,
- so that a pod can tolerate all taints of a particular
- category.
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
type: string
tolerationSeconds:
- description: TolerationSeconds represents the period of
- time the toleration (which must be of effect NoExecute,
- otherwise this field is ignored) tolerates the taint.
- By default, it is not set, which means tolerate the taint
- forever (do not evict). Zero and negative values will
- be treated as 0 (evict immediately) by the system.
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
- description: Value is the taint value the toleration matches
- to. If the operator is Exists, the value should be empty,
- otherwise just a regular string.
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
@@ -5200,22 +5981,20 @@ spec:
the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node matches the corresponding matchExpressions;
- the node(s) with the highest sum are the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
items:
- description: An empty preferred scheduling term matches
- all objects with implicit weight 0 (i.e. it's a no-op).
- A null preferred scheduling term matches no objects
- (i.e. is also a no-op).
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
properties:
preference:
description: A node selector term, associated with
@@ -5225,32 +6004,26 @@ spec:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -5263,32 +6036,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -5310,53 +6077,46 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from
- its node.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
- description: A null or empty node selector term
- matches no objects. The requirements of them are
- ANDed. The TopologySelectorTerm type implements
- a subset of the NodeSelectorTerm.
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -5369,32 +6129,26 @@ spec:
description: A list of node selector requirements
by node's fields.
items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
items:
type: string
type: array
@@ -5417,18 +6171,16 @@ spec:
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -5447,30 +6199,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -5482,53 +6229,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -5540,42 +6279,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -5584,23 +6318,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to a pod label update),
- the system may or may not try to eventually evict the
- pod from its node. When there are multiple elements,
- the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -5611,28 +6344,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -5645,51 +6374,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -5702,33 +6424,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -5741,18 +6459,16 @@ spec:
as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the anti-affinity expressions
- specified by this field, but it may choose a node that
- violates one or more of the expressions. The node that
- is most preferred is the one with the greatest sum of
- weights, i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
@@ -5771,30 +6487,25 @@ spec:
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -5806,53 +6517,45 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -5864,42 +6567,37 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
required:
@@ -5908,23 +6606,22 @@ spec:
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements specified
- by this field are not met at scheduling time, the pod
- will not be scheduled onto the node. If the anti-affinity
- requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod
- label update), the system may or may not try to eventually
- evict the pod from its node. When there are multiple
- elements, the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
@@ -5935,28 +6632,24 @@ spec:
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -5969,51 +6662,44 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -6026,33 +6712,29 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items:
type: string
type: array
topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
required:
- topologyKey
@@ -6067,17 +6749,24 @@ spec:
for collect to monitor system.
type: object
claims:
- description: "Claims lists the names of resources, defined in
- spec.resourceClaims, that are used by this container. \n This
- is an alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one entry in pod.spec.resourceClaims
- of the Pod where this field is used. It makes that resource
- available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -6090,11 +6779,205 @@ spec:
description: the reference for cn configMap.
properties:
configMapName:
- description: the config info for start progress.
+ description: |-
+ ConfigMapName mapped the configuration files in the doris 'conf/' directory.
+ such as 'fe.conf', 'be.conf'. If HDFS access is involved, there may also be 'core-site.xml' and other files.
+ doris-operator mounts these configuration files in the '/etc/doris' directory by default.
+ links them to the 'conf/' directory of the doris component through soft links.
type: string
+ configMaps:
+ description: |-
+ ConfigMaps can mount multiple configmaps to the specified path.
+ The mounting path of configmap cannot be repeated.
+ items:
+ properties:
+ configMapName:
+ description: name of configmap that needs to mount.
+ type: string
+ mountPath:
+ description: |-
+ Current ConfigMap Mount Path.
+ If MountConfigMapInfo belongs to the same ConfigMapInfo, their MountPath cannot be repeated.
+ type: string
+ type: object
+ type: array
resolveKey:
- description: the config response key in configmap.
+ description: |-
+ Deprecated: This configuration has been abandoned and will be cleared in version 1.7.0.
+ It is currently forced to be 'fe.conf', 'be.conf', 'apache_hdfs_broker.conf'
+ It is no longer effective. the configuration content will not take effect.
+ type: string
+ type: object
+ containerSecurityContext:
+ description: Security context for all containers running in the
+ pod (unless they override it).
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
type: object
electionNumber:
description: the number of fe in election. electionNumber <= replicas,
@@ -6113,15 +6996,16 @@ spec:
C_IDENTIFIER.
type: string
value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in
- the container and any service environment variables. If
- a variable cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced to a single
- $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Defaults to "".'
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
@@ -6134,9 +7018,10 @@ spec:
description: The key to select.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
@@ -6147,11 +7032,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
fieldRef:
- description: 'Selects a field of the pod: supports metadata.name,
- metadata.namespace, `metadata.labels['''']`,
- `metadata.annotations['''']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs.'
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
@@ -6166,10 +7049,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
- description: 'Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported.'
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
@@ -6199,9 +7081,10 @@ spec:
be a valid secret key.
type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
@@ -6238,19 +7121,14 @@ spec:
type: integer
type: object
type: object
- fsGroup:
- description: 'A special supplemental group that applies to all
- containers in a pod. Some volume types allow the Kubelet to
- change the ownership of that volume to be owned by the pod:'
- format: int64
- type: integer
hostAliases:
- description: HostAliases is an optional list of hosts and IPs
- that will be injected into the pod's hosts file if specified.
- This is only valid for non-hostNetwork pods.
+ description: |-
+ HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+ file if specified. This is only valid for non-hostNetwork pods.
items:
- description: HostAlias holds the mapping between IP and hostnames
- that will be injected as an entry in the pod's hosts file.
+ description: |-
+ HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+ pod's hosts file.
properties:
hostnames:
description: Hostnames for the above IP address.
@@ -6266,18 +7144,20 @@ spec:
description: Image for a doris cn deployment.
type: string
imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of references
- to secrets in the same namespace to use for pulling any of the
- images used by this PodSpec. If specified, these secrets will
- be passed to individual puller implementations for them to use.
- More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -6289,8 +7169,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
nodeSelector:
additionalProperties:
@@ -6314,28 +7195,27 @@ spec:
spec about storage that pods are required.
properties:
accessModes:
- description: 'accessModes contains the desired access
- modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
items:
type: string
type: array
dataSource:
- description: 'dataSource field can be used to specify
- either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) If the provisioner
- or an external controller can support the specified
- data source, it will create a new volume based on
- the contents of the specified data source. When the
- AnyVolumeDataSource feature gate is enabled, dataSource
- contents will be copied to dataSourceRef, and dataSourceRef
- contents will be copied to dataSource when dataSourceRef.namespace
- is not specified. If the namespace is specified, then
- dataSourceRef will not be copied to dataSource.'
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -6352,40 +7232,35 @@ spec:
type: object
x-kubernetes-map-type: atomic
dataSourceRef:
- description: 'dataSourceRef specifies the object from
- which to populate the volume with data, if a non-empty
- volume is desired. This may be any object from a non-empty
- API group (non core object) or a PersistentVolumeClaim
- object. When this field is specified, volume binding
- will only succeed if the type of the specified object
- matches some installed volume populator or dynamic
- provisioner. This field will replace the functionality
- of the dataSource field and as such if both fields
- are non-empty, they must have the same value. For
- backwards compatibility, when namespace isn''t specified
- in dataSourceRef, both fields (dataSource and dataSourceRef)
- will be set to the same value automatically if one
- of them is empty and the other is non-empty. When
- namespace is specified in dataSourceRef, dataSource
- isn''t set to the same value and must be empty. There
- are three important differences between dataSource
- and dataSourceRef: * While dataSource only allows
- two specific types of objects, dataSourceRef allows
- any non-core object, as well as PersistentVolumeClaim
- objects. * While dataSource ignores disallowed values
- (dropping them), dataSourceRef preserves all values,
- and generates an error if a disallowed value is specified.
- * While dataSource only allows local objects, dataSourceRef
- allows objects in any namespaces. (Beta) Using this
- field requires the AnyVolumeDataSource feature gate
- to be enabled. (Alpha) Using the namespace field of
- dataSourceRef requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.'
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
properties:
apiGroup:
- description: APIGroup is the group for the resource
- being referenced. If APIGroup is not specified,
- the specified Kind must be in the core API group.
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
@@ -6397,42 +7272,43 @@ spec:
referenced
type: string
namespace:
- description: Namespace is the namespace of resource
- being referenced Note that when a namespace is
- specified, a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent namespace to
- allow that namespace's owner to accept the reference.
- See the ReferenceGrant documentation for details.
- (Alpha) This field requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
type: string
required:
- kind
- name
type: object
resources:
- description: 'resources represents the minimum resources
- the volume should have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed to specify resource
- requirements that are lower than previous value but
- must still be higher than capacity recorded in the
- status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
properties:
claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field and
- requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable.
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
- description: Name must match the name of one
- entry in pod.spec.resourceClaims of the
- Pod where this field is used. It makes that
- resource available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
type: string
required:
- name
@@ -6448,8 +7324,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -6458,11 +7335,11 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount
- of compute resources required. If Requests is
- omitted for a container, it defaults to Limits
- if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
selector:
@@ -6473,26 +7350,25 @@ spec:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
- description: A label selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the
- values array must be empty. This array is
- replaced during a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
items:
type: string
type: array
@@ -6504,23 +7380,22 @@ spec:
matchLabels:
additionalProperties:
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value". The
- requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
storageClassName:
- description: 'storageClassName is the name of the StorageClass
- required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
type: string
volumeMode:
- description: volumeMode defines what type of volume
- is required by the claim. Value of Filesystem is implied
- when not included in claim spec.
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
type: string
volumeName:
description: volumeName is the binding reference to
@@ -6549,24 +7424,210 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ securityContext:
+ description: Security context for pod.
+ properties:
+ fsGroup:
+ description: |-
+ A special supplemental group that applies to all containers in a pod.
+ Some volume types allow the Kubelet to change the ownership of that volume
+ to be owned by the pod:
+
+
+ 1. The owning GID will be the FSGroup
+ 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw----
+
+
+ If unset, the Kubelet will not modify the ownership and permissions of any volume.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: |-
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will only apply to
+ volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir.
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: |-
+ A list of groups applied to the first process run in each container, in addition
+ to the container's primary GID, the fsGroup (if specified), and group memberships
+ defined in the container image for the uid of the container process. If unspecified,
+ no additional groups are added to any container. Note that group memberships
+ defined in the container image for the uid of the container process are still effective,
+ even if they are not included in this list.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: |-
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored by components that enable the
+ WindowsHostProcessContainers feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod. All of a Pod's containers must
+ have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers). In addition, if HostProcess is true
+ then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
type: object
service:
- description: expose the be listen ports
+ description: |-
+ expose doris components for accessing.
+ example: if you want to use `stream load` to load data into doris out k8s, you can use be service and config different service type for loading data.
properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations for using function on different cloud
+ platform.
+ type: object
loadBalancerIP:
- description: 'Only applies to Service Type: LoadBalancer.
- This feature depends on whether the underlying cloud-provider
- supports specifying the loadBalancerIP when a load balancer
- is created. This field will be ignored if the cloud-provider
- does not support the feature. This field was under-specified
- and its meaning varies across implementations, and it cannot
- support dual-stack. As of Kubernetes v1.24, users are encouraged
- to use implementation-specific annotations when available.
- This field may be removed in a future API version.'
+ description: |-
+ Only applies to Service Type: LoadBalancer.
+ This feature depends on whether the underlying cloud-provider supports specifying
+ the loadBalancerIP when a load balancer is created.
+ This field will be ignored if the cloud-provider does not support the feature.
+ This field was under-specified and its meaning varies across implementations,
+ and it cannot support dual-stack.
+ As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available.
+ This field may be removed in a future API version.
type: string
servicePorts:
description: ServicePort config service for NodePort access
@@ -6575,37 +7636,37 @@ spec:
description: DorisServicePort for ServiceType=NodePort situation.
properties:
nodePort:
- description: 'The port on each node on which this service
- is exposed when type is NodePort or LoadBalancer. Usually
- assigned by the system. If a value is specified, in-range,
- and not in use it will be used, otherwise the operation
- will fail. If not specified, a port will be allocated
- if this Service requires one. If this field is specified
- when creating a Service which does not need it, creation
- will fail. This field will be wiped when updating
- a Service to no longer need it (e.g. changing type
- from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- need in 30000-32767'
+ description: |-
+ The port on each node on which this service is exposed when type is
+ NodePort or LoadBalancer. Usually assigned by the system. If a value is
+ specified, in-range, and not in use it will be used, otherwise the
+ operation will fail. If not specified, a port will be allocated if this
+ Service requires one. If this field is specified when creating a
+ Service which does not need it, creation will fail. This field will be
+ wiped when updating a Service to no longer need it (e.g. changing type
+ from NodePort to ClusterIP).
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ need in 30000-32767
format: int32
type: integer
targetPort:
- description: 'Number or name of the port to access on
- the pods targeted by the service. Number must be in
- the range 1 to 65535. Name must be an IANA_SVC_NAME.
- If this is a string, it will be looked up as a named
- port in the target Pod''s container ports. If this
- is not specified, the value of the ''port'' field
- is used (an identity map). This field is ignored for
- services with clusterIP=None, and should be omitted
- or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ description: |-
+ Number or name of the port to access on the pods targeted by the service.
+ Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ If this is a string, it will be looked up as a named port in the
+ target Pod's container ports. If this is not specified, the value
+ of the 'port' field is used (an identity map).
+ This field is ignored for services with clusterIP=None, and should be
+ omitted or set equal to the 'port' field.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
format: int32
type: integer
type: object
type: array
type:
- description: 'type of service,the possible value for the service
- type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
- More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ description: |-
+ type of service,the possible value for the service type are : ClusterIP, NodePort, LoadBalancer,ExternalName.
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: string
type: object
serviceAccount:
@@ -6633,41 +7694,39 @@ spec:
description: (Optional) Tolerations for scheduling pods onto some
dedicated nodes
items:
- description: The pod this Toleration is attached to tolerates
- any taint that matches the triple using
- the matching operator .
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
properties:
effect:
- description: Effect indicates the taint effect to match.
- Empty means match all taint effects. When specified, allowed
- values are NoSchedule, PreferNoSchedule and NoExecute.
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
- description: Key is the taint key that the toleration applies
- to. Empty means match all taint keys. If the key is empty,
- operator must be Exists; this combination means to match
- all values and all keys.
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
- description: Operator represents a key's relationship to
- the value. Valid operators are Exists and Equal. Defaults
- to Equal. Exists is equivalent to wildcard for value,
- so that a pod can tolerate all taints of a particular
- category.
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
type: string
tolerationSeconds:
- description: TolerationSeconds represents the period of
- time the toleration (which must be of effect NoExecute,
- otherwise this field is ignored) tolerates the taint.
- By default, it is not set, which means tolerate the taint
- forever (do not evict). Zero and negative values will
- be treated as 0 (evict immediately) by the system.
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
- description: Value is the taint value the toleration matches
- to. If the operator is Exists, the value should be empty,
- otherwise just a regular string.
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
@@ -6683,8 +7742,9 @@ spec:
and failed pods.
properties:
accessService:
- description: DorisComponentStatus represents the status of a doris
- component. the name of fe service exposed for user.
+ description: |-
+ DorisComponentStatus represents the status of a doris component.
+ the name of fe service exposed for user.
type: string
componentCondition:
properties:
@@ -6733,8 +7793,9 @@ spec:
and failed pods.
properties:
accessService:
- description: DorisComponentStatus represents the status of a doris
- component. the name of fe service exposed for user.
+ description: |-
+ DorisComponentStatus represents the status of a doris component.
+ the name of fe service exposed for user.
type: string
componentCondition:
properties:
@@ -6783,8 +7844,9 @@ spec:
and failed pods.
properties:
accessService:
- description: DorisComponentStatus represents the status of a doris
- component. the name of fe service exposed for user.
+ description: |-
+ DorisComponentStatus represents the status of a doris component.
+ the name of fe service exposed for user.
type: string
componentCondition:
properties:
@@ -6843,8 +7905,9 @@ spec:
and failed pods.
properties:
accessService:
- description: DorisComponentStatus represents the status of a doris
- component. the name of fe service exposed for user.
+ description: |-
+ DorisComponentStatus represents the status of a doris component.
+ the name of fe service exposed for user.
type: string
componentCondition:
properties:
diff --git a/pkg/common/utils/resource/pod.go b/pkg/common/utils/resource/pod.go
index 7f9e663d..aa6c6d10 100644
--- a/pkg/common/utils/resource/pod.go
+++ b/pkg/common/utils/resource/pod.go
@@ -57,21 +57,26 @@ func NewPodTemplateSpec(dcr *v1.DorisCluster, componentType v1.ComponentType) co
var si *v1.SystemInitialization
var dcrAffinity *corev1.Affinity
var defaultInitContainers []corev1.Container
+ var SecurityContext *corev1.PodSecurityContext
switch componentType {
case v1.Component_FE:
volumes = newVolumesFromBaseSpec(dcr.Spec.FeSpec.BaseSpec)
si = dcr.Spec.FeSpec.BaseSpec.SystemInitialization
dcrAffinity = dcr.Spec.FeSpec.BaseSpec.Affinity
+ SecurityContext = dcr.Spec.FeSpec.BaseSpec.SecurityContext
case v1.Component_BE:
volumes = newVolumesFromBaseSpec(dcr.Spec.BeSpec.BaseSpec)
si = dcr.Spec.BeSpec.BaseSpec.SystemInitialization
dcrAffinity = dcr.Spec.BeSpec.BaseSpec.Affinity
+ SecurityContext = dcr.Spec.BeSpec.BaseSpec.SecurityContext
case v1.Component_CN:
si = dcr.Spec.CnSpec.BaseSpec.SystemInitialization
dcrAffinity = dcr.Spec.CnSpec.BaseSpec.Affinity
+ SecurityContext = dcr.Spec.CnSpec.BaseSpec.SecurityContext
case v1.Component_Broker:
si = dcr.Spec.BrokerSpec.BaseSpec.SystemInitialization
dcrAffinity = dcr.Spec.BrokerSpec.BaseSpec.Affinity
+ SecurityContext = dcr.Spec.BrokerSpec.BaseSpec.SecurityContext
default:
klog.Errorf("NewPodTemplateSpec dorisClusterName %s, namespace %s componentType %s not supported.", dcr.Name, dcr.Namespace, componentType)
}
@@ -113,6 +118,7 @@ func NewPodTemplateSpec(dcr *v1.DorisCluster, componentType v1.ComponentType) co
Tolerations: spec.Tolerations,
HostAliases: spec.HostAliases,
InitContainers: defaultInitContainers,
+ SecurityContext: SecurityContext,
},
}
@@ -122,6 +128,23 @@ func NewPodTemplateSpec(dcr *v1.DorisCluster, componentType v1.ComponentType) co
return pts
}
+// ApplySecurityContext applies the container security context to all containers in the pod (if not already set).
+func ApplySecurityContext(containers []corev1.Container, securityContext *corev1.SecurityContext) []corev1.Container {
+ if securityContext == nil {
+ return containers
+ }
+
+ for i := range containers {
+ if containers[i].SecurityContext == nil {
+ containers[i].SecurityContext = securityContext
+ } else {
+ klog.Info("SecurityContext already exists in container" + containers[i].Name + "! Not overwriting it.")
+ }
+ }
+
+ return containers
+}
+
func constructInitContainers(componentType v1.ComponentType, podSpec *corev1.PodSpec, si *v1.SystemInitialization) {
defaultImage := ""
var defaultInitContains []corev1.Container
diff --git a/pkg/controller/sub_controller/be/pod.go b/pkg/controller/sub_controller/be/pod.go
index 4fbce4a1..66dd3e36 100644
--- a/pkg/controller/sub_controller/be/pod.go
+++ b/pkg/controller/sub_controller/be/pod.go
@@ -18,6 +18,7 @@ func (be *Controller) buildBEPodTemplateSpec(dcr *v1.DorisCluster) corev1.PodTem
containers = append(containers, podTemplateSpec.Spec.Containers...)
beContainer := be.beContainer(dcr)
containers = append(containers, beContainer)
+ containers = resource.ApplySecurityContext(containers, dcr.Spec.BeSpec.ContainerSecurityContext)
podTemplateSpec.Spec.Containers = containers
return podTemplateSpec
}
diff --git a/pkg/controller/sub_controller/broker/pod.go b/pkg/controller/sub_controller/broker/pod.go
index 02364928..54cc2a41 100644
--- a/pkg/controller/sub_controller/broker/pod.go
+++ b/pkg/controller/sub_controller/broker/pod.go
@@ -16,6 +16,7 @@ func (broker *Controller) buildBrokerPodTemplateSpec(dcr *v1.DorisCluster) corev
containers = append(containers, podTemplateSpec.Spec.Containers...)
bkContainer := broker.brokerContainer(dcr)
containers = append(containers, bkContainer)
+ containers = resource.ApplySecurityContext(containers, dcr.Spec.BrokerSpec.ContainerSecurityContext)
podTemplateSpec.Spec.Containers = containers
return podTemplateSpec
}
diff --git a/pkg/controller/sub_controller/cn/pod.go b/pkg/controller/sub_controller/cn/pod.go
index 1917318e..1f41f0fa 100644
--- a/pkg/controller/sub_controller/cn/pod.go
+++ b/pkg/controller/sub_controller/cn/pod.go
@@ -15,6 +15,8 @@ func (cn *Controller) buildCnPodTemplateSpec(dcr *v1.DorisCluster) corev1.PodTem
containers = append(containers, podTemplateSpec.Spec.Containers...)
cnContainer := cn.cnContainer(dcr)
containers = append(containers, cnContainer)
+
+ containers = resource.ApplySecurityContext(containers, dcr.Spec.CnSpec.ContainerSecurityContext)
podTemplateSpec.Spec.Containers = containers
return podTemplateSpec
}
diff --git a/pkg/controller/sub_controller/fe/pod.go b/pkg/controller/sub_controller/fe/pod.go
index a2bbb685..59539590 100644
--- a/pkg/controller/sub_controller/fe/pod.go
+++ b/pkg/controller/sub_controller/fe/pod.go
@@ -20,6 +20,7 @@ func (fc *Controller) buildFEPodTemplateSpec(dcr *v1.DorisCluster) corev1.PodTem
config, _ := fc.GetConfig(context.Background(), &dcr.Spec.FeSpec.ConfigMapInfo, dcr.Namespace, v1.Component_FE)
feContainer := fc.feContainer(dcr, config)
containers = append(containers, feContainer)
+ containers = resource.ApplySecurityContext(containers, dcr.Spec.FeSpec.ContainerSecurityContext)
podTemplateSpec.Spec.Containers = containers
return podTemplateSpec
}