| // Copyright 2024 Apache Software Foundation (ASF) |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| package v1alpha08 |
| |
| import corev1 "k8s.io/api/core/v1" |
| |
| // ContainerSpec is the container for the internal deployments based on the default Kubernetes Container API |
| type ContainerSpec struct { |
| // Container image name. |
| // More info: https://kubernetes.io/docs/concepts/containers/images |
| // This field is optional to allow higher level config management to default or override |
| // container images in workload controllers like Deployments and StatefulSets. |
| // +optional |
| Image string `json:"image,omitempty" protobuf:"bytes,2,opt,name=image"` |
| // Entrypoint array. Not executed within a shell. |
| // The container image's ENTRYPOINT is used if this is not provided. |
| // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable |
| // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced |
| // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will |
| // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless |
| // of whether the variable exists or not. Cannot be updated. |
| // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell |
| // +optional |
| Command []string `json:"command,omitempty" protobuf:"bytes,3,rep,name=command"` |
| // Arguments to the entrypoint. |
| // The container image's CMD is used if this is not provided. |
| // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable |
| // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced |
| // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will |
| // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless |
| // of whether the variable exists or not. Cannot be updated. |
| // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell |
| // +optional |
| Args []string `json:"args,omitempty" protobuf:"bytes,4,rep,name=args"` |
| // List of ports to expose from the container. Not specifying a port here |
| // DOES NOT prevent that port from being exposed. Any port which is |
| // listening on the default "0.0.0.0" address inside a container will be |
| // accessible from the network. |
| // Modifying this array with strategic merge patch may corrupt the data. |
| // For more information See https://github.com/kubernetes/kubernetes/issues/108255. |
| // Cannot be updated. |
| // +optional |
| // +patchMergeKey=containerPort |
| // +patchStrategy=merge |
| // +listType=map |
| // +listMapKey=containerPort |
| // +listMapKey=protocol |
| Ports []corev1.ContainerPort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"containerPort" protobuf:"bytes,6,rep,name=ports"` |
| // List of sources to populate environment variables in the container. |
| // The keys defined within a source must be a C_IDENTIFIER. All invalid keys |
| // will be reported as an event when the container is starting. When a key exists in multiple |
| // sources, the value associated with the last source will take precedence. |
| // Values defined by an Env with a duplicate key will take precedence. |
| // Cannot be updated. |
| // +optional |
| EnvFrom []corev1.EnvFromSource `json:"envFrom,omitempty" protobuf:"bytes,19,rep,name=envFrom"` |
| // List of environment variables to set in the container. |
| // Cannot be updated. |
| // +optional |
| // +patchMergeKey=name |
| // +patchStrategy=merge |
| Env []corev1.EnvVar `json:"env,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,7,rep,name=env"` |
| // Compute Resources required by this container. |
| // Cannot be updated. |
| // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
| // +optional |
| Resources corev1.ResourceRequirements `json:"resources,omitempty" protobuf:"bytes,8,opt,name=resources"` |
| // Resources resize policy for the container. |
| // +featureGate=InPlacePodVerticalScaling |
| // +optional |
| // +listType=atomic |
| ResizePolicy []corev1.ContainerResizePolicy `json:"resizePolicy,omitempty" protobuf:"bytes,23,rep,name=resizePolicy"` |
| // Pod volumes to mount into the container's filesystem. |
| // Cannot be updated. |
| // +optional |
| // +patchMergeKey=mountPath |
| // +patchStrategy=merge |
| VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty" patchStrategy:"merge" patchMergeKey:"mountPath" protobuf:"bytes,9,rep,name=volumeMounts"` |
| // volumeDevices is the list of block devices to be used by the container. |
| // +patchMergeKey=devicePath |
| // +patchStrategy=merge |
| // +optional |
| VolumeDevices []corev1.VolumeDevice `json:"volumeDevices,omitempty" patchStrategy:"merge" patchMergeKey:"devicePath" protobuf:"bytes,21,rep,name=volumeDevices"` |
| // Periodic probe of container liveness. |
| // Container will be restarted if the probe fails. |
| // Cannot be updated. |
| // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
| // +optional |
| LivenessProbe *corev1.Probe `json:"livenessProbe,omitempty" protobuf:"bytes,10,opt,name=livenessProbe"` |
| // Periodic probe of container service readiness. |
| // Container will be removed from service endpoints if the probe fails. |
| // Cannot be updated. |
| // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
| // +optional |
| ReadinessProbe *corev1.Probe `json:"readinessProbe,omitempty" protobuf:"bytes,11,opt,name=readinessProbe"` |
| // StartupProbe indicates that the Pod has successfully initialized. |
| // If specified, no other probes are executed until this completes successfully. |
| // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. |
| // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, |
| // when it might take a long time to load data or warm a cache, than during steady-state operation. |
| // This cannot be updated. |
| // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
| // +optional |
| StartupProbe *corev1.Probe `json:"startupProbe,omitempty" protobuf:"bytes,22,opt,name=startupProbe"` |
| // Actions that the management system should take in response to container lifecycle events. |
| // Cannot be updated. |
| // +optional |
| Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty" protobuf:"bytes,12,opt,name=lifecycle"` |
| // Optional: Path at which the file to which the container's termination message |
| // will be written is mounted into the container's filesystem. |
| // Message written is intended to be brief final status, such as an assertion failure message. |
| // Will be truncated by the node if greater than 4096 bytes. The total message length across |
| // all containers will be limited to 12kb. |
| // Defaults to /dev/termination-log. |
| // Cannot be updated. |
| // +optional |
| TerminationMessagePath string `json:"terminationMessagePath,omitempty" protobuf:"bytes,13,opt,name=terminationMessagePath"` |
| // Indicate how the termination message should be populated. File will use the contents of |
| // terminationMessagePath to populate the container status message on both success and failure. |
| // FallbackToLogsOnError will use the last chunk of container log output if the termination |
| // message file is empty and the container exited with an error. |
| // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. |
| // Defaults to File. |
| // Cannot be updated. |
| // +optional |
| TerminationMessagePolicy corev1.TerminationMessagePolicy `json:"terminationMessagePolicy,omitempty" protobuf:"bytes,20,opt,name=terminationMessagePolicy,casttype=TerminationMessagePolicy"` |
| // Image pull policy. |
| // One of Always, Never, IfNotPresent. |
| // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. |
| // Cannot be updated. |
| // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
| // +optional |
| ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty" protobuf:"bytes,14,opt,name=imagePullPolicy,casttype=PullPolicy"` |
| // SecurityContext defines the security options the container should be run with. |
| // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. |
| // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
| // +optional |
| SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty" protobuf:"bytes,15,opt,name=securityContext"` |
| |
| // Variables for interactive containers, these have very specialized use-cases (e.g. debugging) |
| // and shouldn't be used for general purpose containers. |
| |
| // Whether this container should allocate a buffer for stdin in the container runtime. If this |
| // is not set, reads from stdin in the container will always result in EOF. |
| // Default is false. |
| // +optional |
| Stdin bool `json:"stdin,omitempty" protobuf:"varint,16,opt,name=stdin"` |
| // Whether the container runtime should close the stdin channel after it has been opened by |
| // a single attach. When stdin is true the stdin stream will remain open across multiple attach |
| // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the |
| // first client attaches to stdin, and then remains open and accepts data until the client disconnects, |
| // at which time stdin is closed and remains closed until the container is restarted. If this |
| // flag is false, a container processes that reads from stdin will never receive an EOF. |
| // Default is false |
| // +optional |
| StdinOnce bool `json:"stdinOnce,omitempty" protobuf:"varint,17,opt,name=stdinOnce"` |
| // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. |
| // Default is false. |
| // +optional |
| TTY bool `json:"tty,omitempty" protobuf:"varint,18,opt,name=tty"` |
| } |
| |
| // ToContainer converts to Kubernetes Container API. |
| func (f *ContainerSpec) ToContainer() corev1.Container { |
| return corev1.Container{ |
| Name: DefaultContainerName, |
| Image: f.Image, |
| Command: f.Command, |
| Args: f.Args, |
| Ports: f.Ports, |
| EnvFrom: f.EnvFrom, |
| Env: f.Env, |
| Resources: f.Resources, |
| ResizePolicy: f.ResizePolicy, |
| VolumeMounts: f.VolumeMounts, |
| VolumeDevices: f.VolumeDevices, |
| LivenessProbe: f.LivenessProbe, |
| ReadinessProbe: f.ReadinessProbe, |
| StartupProbe: f.StartupProbe, |
| Lifecycle: f.Lifecycle, |
| TerminationMessagePath: f.TerminationMessagePath, |
| TerminationMessagePolicy: f.TerminationMessagePolicy, |
| ImagePullPolicy: f.ImagePullPolicy, |
| SecurityContext: f.SecurityContext, |
| Stdin: f.Stdin, |
| StdinOnce: f.StdinOnce, |
| TTY: f.TTY, |
| } |
| } |
| |
| // PodSpec describes the PodSpec for the internal deployments based on the default Kubernetes PodSpec API |
| type PodSpec struct { |
| // List of volumes that can be mounted by containers belonging to the pod. |
| // More info: https://kubernetes.io/docs/concepts/storage/volumes |
| // +optional |
| // +patchMergeKey=name |
| // +patchStrategy=merge,retainKeys |
| Volumes []corev1.Volume `json:"volumes,omitempty" patchStrategy:"merge,retainKeys" patchMergeKey:"name" protobuf:"bytes,1,rep,name=volumes"` |
| // List of initialization containers belonging to the pod. |
| // Init containers are executed in order prior to containers being started. If any |
| // init container fails, the pod is considered to have failed and is handled according |
| // to its restartPolicy. The name for an init container or normal container must be |
| // unique among all containers. |
| // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. |
| // The resourceRequirements of an init container are taken into account during scheduling |
| // by finding the highest request/limit for each resource type, and then using the max of |
| // of that value or the sum of the normal containers. Limits are applied to init containers |
| // in a similar fashion. |
| // Init containers cannot currently be added or removed. |
| // Cannot be updated. |
| // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ |
| // +patchMergeKey=name |
| // +patchStrategy=merge |
| InitContainers []corev1.Container `json:"initContainers,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,20,rep,name=initContainers"` |
| // List of containers belonging to the pod. |
| // Containers cannot currently be added or removed. |
| // There must be at least one container in a Pod. |
| // Cannot be updated. |
| // +optional |
| // +patchMergeKey=name |
| // +patchStrategy=merge |
| Containers []corev1.Container `json:"containers,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,2,rep,name=containers"` |
| // Restart policy for all containers within the pod. |
| // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. |
| // Default to Always. |
| // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy |
| // +optional |
| RestartPolicy corev1.RestartPolicy `json:"restartPolicy,omitempty" protobuf:"bytes,3,opt,name=restartPolicy,casttype=RestartPolicy"` |
| // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. |
| // Value must be non-negative integer. The value zero indicates stop immediately via |
| // the kill signal (no opportunity to shut down). |
| // If this value is nil, the default grace period will be used instead. |
| // The grace period is the duration in seconds after the processes running in the pod are sent |
| // a termination signal and the time when the processes are forcibly halted with a kill signal. |
| // Set this value longer than the expected cleanup time for your process. |
| // Defaults to 30 seconds. |
| // +optional |
| TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty" protobuf:"varint,4,opt,name=terminationGracePeriodSeconds"` |
| // Optional duration in seconds the pod may be active on the node relative to |
| // StartTime before the system will actively try to mark it failed and kill associated containers. |
| // Value must be a positive integer. |
| // +optional |
| ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty" protobuf:"varint,5,opt,name=activeDeadlineSeconds"` |
| // Set DNS policy for the pod. |
| // Defaults to "ClusterFirst". |
| // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. |
| // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. |
| // To have DNS options set along with hostNetwork, you have to specify DNS policy |
| // explicitly to 'ClusterFirstWithHostNet'. |
| // +optional |
| DNSPolicy corev1.DNSPolicy `json:"dnsPolicy,omitempty" protobuf:"bytes,6,opt,name=dnsPolicy,casttype=DNSPolicy"` |
| // NodeSelector is a selector which must be true for the pod to fit on a node. |
| // Selector which must match a node's labels for the pod to be scheduled on that node. |
| // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ |
| // +optional |
| // +mapType=atomic |
| NodeSelector map[string]string `json:"nodeSelector,omitempty" protobuf:"bytes,7,rep,name=nodeSelector"` |
| |
| // ServiceAccountName is the name of the ServiceAccount to use to run this pod. |
| // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
| // +optional |
| ServiceAccountName string `json:"serviceAccountName,omitempty" protobuf:"bytes,8,opt,name=serviceAccountName"` |
| // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. |
| // +optional |
| AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty" protobuf:"varint,21,opt,name=automountServiceAccountToken"` |
| |
| // NodeName is a request to schedule this pod onto a specific node. If it is non-empty, |
| // the scheduler simply schedules this pod onto that node, assuming that it fits resource |
| // requirements. |
| // +optional |
| NodeName string `json:"nodeName,omitempty" protobuf:"bytes,10,opt,name=nodeName"` |
| // Host networking requested for this pod. Use the host's network namespace. |
| // If this option is set, the ports that will be used must be specified. |
| // Default to false. |
| // +k8s:conversion-gen=false |
| // +optional |
| HostNetwork bool `json:"hostNetwork,omitempty" protobuf:"varint,11,opt,name=hostNetwork"` |
| // Use the host's pid namespace. |
| // Optional: Default to false. |
| // +k8s:conversion-gen=false |
| // +optional |
| HostPID bool `json:"hostPID,omitempty" protobuf:"varint,12,opt,name=hostPID"` |
| // Use the host's ipc namespace. |
| // Optional: Default to false. |
| // +k8s:conversion-gen=false |
| // +optional |
| HostIPC bool `json:"hostIPC,omitempty" protobuf:"varint,13,opt,name=hostIPC"` |
| // Share a single process namespace between all of the containers in a pod. |
| // When this is set containers will be able to view and signal processes from other containers |
| // in the same pod, and the first process in each container will not be assigned PID 1. |
| // HostPID and ShareProcessNamespace cannot both be set. |
| // Optional: Default to false. |
| // +k8s:conversion-gen=false |
| // +optional |
| ShareProcessNamespace *bool `json:"shareProcessNamespace,omitempty" protobuf:"varint,27,opt,name=shareProcessNamespace"` |
| // SecurityContext holds pod-level security attributes and common container settings. |
| // Optional: Defaults to empty. See type description for default values of each field. |
| // +optional |
| SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty" protobuf:"bytes,14,opt,name=securityContext"` |
| // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. |
| // If specified, these secrets will be passed to individual puller implementations for them to use. |
| // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod |
| // +optional |
| // +patchMergeKey=name |
| // +patchStrategy=merge |
| ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,15,rep,name=imagePullSecrets"` |
| // Specifies the hostname of the Pod |
| // If not specified, the pod's hostname will be set to a system-defined value. |
| // +optional |
| Hostname string `json:"hostname,omitempty" protobuf:"bytes,16,opt,name=hostname"` |
| // If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". |
| // If not specified, the pod will not have a domainname at all. |
| // +optional |
| Subdomain string `json:"subdomain,omitempty" protobuf:"bytes,17,opt,name=subdomain"` |
| // If specified, the pod's scheduling constraints |
| // +optional |
| Affinity *corev1.Affinity `json:"affinity,omitempty" protobuf:"bytes,18,opt,name=affinity"` |
| // If specified, the pod will be dispatched by specified scheduler. |
| // If not specified, the pod will be dispatched by default scheduler. |
| // +optional |
| SchedulerName string `json:"schedulerName,omitempty" protobuf:"bytes,19,opt,name=schedulerName"` |
| // If specified, the pod's tolerations. |
| // +optional |
| Tolerations []corev1.Toleration `json:"tolerations,omitempty" protobuf:"bytes,22,opt,name=tolerations"` |
| // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts |
| // file if specified. This is only valid for non-hostNetwork pods. |
| // +optional |
| // +patchMergeKey=ip |
| // +patchStrategy=merge |
| HostAliases []corev1.HostAlias `json:"hostAliases,omitempty" patchStrategy:"merge" patchMergeKey:"ip" protobuf:"bytes,23,rep,name=hostAliases"` |
| // If specified, indicates the pod's priority. "system-node-critical" and |
| // "system-cluster-critical" are two special keywords which indicate the |
| // highest priorities with the former being the highest priority. Any other |
| // name must be defined by creating a PriorityClass object with that name. |
| // If not specified, the pod priority will be default or zero if there is no |
| // default. |
| // +optional |
| PriorityClassName string `json:"priorityClassName,omitempty" protobuf:"bytes,24,opt,name=priorityClassName"` |
| // The priority value. Various system components use this field to find the |
| // priority of the pod. When Priority Admission Controller is enabled, it |
| // prevents users from setting this field. The admission controller populates |
| // this field from PriorityClassName. |
| // The higher the value, the higher the priority. |
| // +optional |
| Priority *int32 `json:"priority,omitempty" protobuf:"bytes,25,opt,name=priority"` |
| // Specifies the DNS parameters of a pod. |
| // Parameters specified here will be merged to the generated DNS |
| // configuration based on DNSPolicy. |
| // +optional |
| DNSConfig *corev1.PodDNSConfig `json:"dnsConfig,omitempty" protobuf:"bytes,26,opt,name=dnsConfig"` |
| // If specified, all readiness gates will be evaluated for pod readiness. |
| // A pod is ready when all its containers are ready AND |
| // all conditions specified in the readiness gates have status equal to "True" |
| // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates |
| // +optional |
| ReadinessGates []corev1.PodReadinessGate `json:"readinessGates,omitempty" protobuf:"bytes,28,opt,name=readinessGates"` |
| // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used |
| // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. |
| // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an |
| // empty definition that uses the default runtime handler. |
| // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class |
| // +optional |
| RuntimeClassName *string `json:"runtimeClassName,omitempty" protobuf:"bytes,29,opt,name=runtimeClassName"` |
| // EnableServiceLinks indicates whether information about services should be injected into pod's |
| // environment variables, matching the syntax of Docker links. |
| // Optional: Defaults to true. |
| // +optional |
| EnableServiceLinks *bool `json:"enableServiceLinks,omitempty" protobuf:"varint,30,opt,name=enableServiceLinks"` |
| // PreemptionPolicy is the Policy for preempting pods with lower priority. |
| // One of Never, PreemptLowerPriority. |
| // Defaults to PreemptLowerPriority if unset. |
| // +optional |
| PreemptionPolicy *corev1.PreemptionPolicy `json:"preemptionPolicy,omitempty" protobuf:"bytes,31,opt,name=preemptionPolicy"` |
| // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. |
| // This field will be autopopulated at admission time by the RuntimeClass admission controller. If |
| // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. |
| // The RuntimeClass admission controller will reject Pod create requests which have the overhead already |
| // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value |
| // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. |
| // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md |
| // +optional |
| Overhead corev1.ResourceList `json:"overhead,omitempty" protobuf:"bytes,32,opt,name=overhead"` |
| // TopologySpreadConstraints describes how a group of pods ought to spread across topology |
| // domains. Scheduler will schedule pods in a way which abides by the constraints. |
| // All topologySpreadConstraints are ANDed. |
| // +optional |
| // +patchMergeKey=topologyKey |
| // +patchStrategy=merge |
| // +listType=map |
| // +listMapKey=topologyKey |
| // +listMapKey=whenUnsatisfiable |
| TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty" patchStrategy:"merge" patchMergeKey:"topologyKey" protobuf:"bytes,33,opt,name=topologySpreadConstraints"` |
| // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). |
| // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). |
| // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. |
| // If a pod does not have FQDN, this has no effect. |
| // Default to false. |
| // +optional |
| SetHostnameAsFQDN *bool `json:"setHostnameAsFQDN,omitempty" protobuf:"varint,35,opt,name=setHostnameAsFQDN"` |
| // Specifies the OS of the containers in the pod. |
| // Some pod and container fields are restricted if this is set. |
| // |
| // If the OS field is set to linux, the following fields must be unset: |
| // -securityContext.windowsOptions |
| // |
| // If the OS field is set to windows, following fields must be unset: |
| // - spec.hostPID |
| // - spec.hostIPC |
| // - spec.hostUsers |
| // - spec.securityContext.seLinuxOptions |
| // - spec.securityContext.seccompProfile |
| // - spec.securityContext.fsGroup |
| // - spec.securityContext.fsGroupChangePolicy |
| // - spec.securityContext.sysctls |
| // - spec.shareProcessNamespace |
| // - spec.securityContext.runAsUser |
| // - spec.securityContext.runAsGroup |
| // - spec.securityContext.supplementalGroups |
| // - spec.containers[*].securityContext.seLinuxOptions |
| // - spec.containers[*].securityContext.seccompProfile |
| // - spec.containers[*].securityContext.capabilities |
| // - spec.containers[*].securityContext.readOnlyRootFilesystem |
| // - spec.containers[*].securityContext.privileged |
| // - spec.containers[*].securityContext.allowPrivilegeEscalation |
| // - spec.containers[*].securityContext.procMount |
| // - spec.containers[*].securityContext.runAsUser |
| // - spec.containers[*].securityContext.runAsGroup |
| // +optional |
| OS *corev1.PodOS `json:"os,omitempty" protobuf:"bytes,36,opt,name=os"` |
| |
| // Use the host's user namespace. |
| // Optional: Default to true. |
| // If set to true or not present, the pod will be run in the host user namespace, useful |
| // for when the pod needs a feature only available to the host user namespace, such as |
| // loading a kernel module with CAP_SYS_MODULE. |
| // When set to false, a new userns is created for the pod. Setting false is useful for |
| // mitigating container breakout vulnerabilities even allowing users to run their |
| // containers as root without actually having root privileges on the host. |
| // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. |
| // +k8s:conversion-gen=false |
| // +optional |
| HostUsers *bool `json:"hostUsers,omitempty" protobuf:"bytes,37,opt,name=hostUsers"` |
| |
| // SchedulingGates is an opaque list of values that if specified will block scheduling the pod. |
| // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the |
| // scheduler will not attempt to schedule the pod. |
| // |
| // SchedulingGates can only be set at pod creation time, and be removed only afterwards. |
| // |
| // This is a beta feature enabled by the PodSchedulingReadiness feature gate. |
| // |
| // +patchMergeKey=name |
| // +patchStrategy=merge |
| // +listType=map |
| // +listMapKey=name |
| // +featureGate=PodSchedulingReadiness |
| // +optional |
| SchedulingGates []corev1.PodSchedulingGate `json:"schedulingGates,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,38,opt,name=schedulingGates"` |
| // ResourceClaims defines which ResourceClaims must be allocated |
| // and reserved before the Pod is allowed to start. The resources |
| // will be made available to those containers which consume them |
| // by name. |
| // |
| // This is an alpha field and requires enabling the |
| // DynamicResourceAllocation feature gate. |
| // |
| // This field is immutable. |
| // |
| // +patchMergeKey=name |
| // +patchStrategy=merge,retainKeys |
| // +listType=map |
| // +listMapKey=name |
| // +featureGate=DynamicResourceAllocation |
| // +optional |
| ResourceClaims []corev1.PodResourceClaim `json:"resourceClaims,omitempty" patchStrategy:"merge,retainKeys" patchMergeKey:"name" protobuf:"bytes,39,rep,name=resourceClaims"` |
| } |
| |
| func (f *PodSpec) ToPodSpec() corev1.PodSpec { |
| return corev1.PodSpec{ |
| Volumes: f.Volumes, |
| InitContainers: f.InitContainers, |
| Containers: f.Containers, |
| RestartPolicy: f.RestartPolicy, |
| TerminationGracePeriodSeconds: f.TerminationGracePeriodSeconds, |
| ActiveDeadlineSeconds: f.ActiveDeadlineSeconds, |
| DNSPolicy: f.DNSPolicy, |
| NodeSelector: f.NodeSelector, |
| ServiceAccountName: f.ServiceAccountName, |
| AutomountServiceAccountToken: f.AutomountServiceAccountToken, |
| NodeName: f.NodeName, |
| HostNetwork: f.HostNetwork, |
| HostPID: f.HostPID, |
| HostIPC: f.HostIPC, |
| ShareProcessNamespace: f.ShareProcessNamespace, |
| SecurityContext: f.SecurityContext, |
| ImagePullSecrets: f.ImagePullSecrets, |
| Hostname: f.Hostname, |
| Subdomain: f.Subdomain, |
| Affinity: f.Affinity, |
| SchedulerName: f.SchedulerName, |
| Tolerations: f.Tolerations, |
| HostAliases: f.HostAliases, |
| PriorityClassName: f.PriorityClassName, |
| Priority: f.Priority, |
| DNSConfig: f.DNSConfig, |
| ReadinessGates: f.ReadinessGates, |
| RuntimeClassName: f.RuntimeClassName, |
| EnableServiceLinks: f.EnableServiceLinks, |
| PreemptionPolicy: f.PreemptionPolicy, |
| Overhead: f.Overhead, |
| TopologySpreadConstraints: f.TopologySpreadConstraints, |
| SetHostnameAsFQDN: f.SetHostnameAsFQDN, |
| OS: f.OS, |
| HostUsers: f.HostUsers, |
| SchedulingGates: f.SchedulingGates, |
| ResourceClaims: f.ResourceClaims, |
| } |
| } |
| |
| // PodTemplateSpec describes the desired custom Kubernetes PodTemplate definition for the deployed flow or service. |
| // |
| // The ContainerSpec describes the container where the actual flow or service is running. It will override any default definitions. |
| // For example, to override the image one can use `.spec.podTemplate.container.image = my/image:tag`. |
| type PodTemplateSpec struct { |
| // Container is the Kubernetes container where the application should run. |
| // One can change this attribute in order to override the defaults provided by the operator. |
| // +optional |
| Container ContainerSpec `json:"container,omitempty"` |
| // +optional |
| PodSpec `json:",inline"` |
| // +optional |
| Replicas *int32 `json:"replicas,omitempty"` |
| } |